VYPR

Youzify

by WordPress

Source repositories

CVEs (11)

  • CVE-2024-13370MedJan 25, 2025
    risk 0.42cvss 6.5epss 0.00

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.3.…

  • CVE-2024-8987MedOct 10, 2024
    risk 0.42cvss 6.4epss 0.00

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input…

  • CVE-2023-47191MedDec 21, 2023
    risk 0.42cvss 6.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for…

  • CVE-2026-1559MedApr 18, 2026
    risk 0.35cvss 6.4epss 0.00

    The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-4742MedJun 20, 2024
    risk 0.35cvss 6.5epss 0.01

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user…

  • CVE-2024-12113MedJan 25, 2025
    risk 0.28cvss 4.3epss 0.00

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to,…

  • CVE-2024-9067MedOct 10, 2024
    risk 0.28cvss 4.3epss 0.00

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all versions up to, and…

  • CVE-2024-13368MedJan 25, 2025
    risk 0.21cvss 4.3epss 0.00

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.4.…

  • CVE-2022-1950Aug 1, 2022
    risk 0.05cvss epss 0.04

    The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

  • CVE-2023-0059Feb 21, 2023
    risk 0.00cvss epss 0.00

    The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting…

  • CVE-2021-24443Aug 2, 2021
    risk 0.00cvss epss 0.01

    The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed…