Skip to main content

Youzify

10 CVEs product

Monthly

CVE-2024-39635 HIGH This Week

Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.2.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youzify
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-9067 MEDIUM This Month

The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Youzify
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-8987 MEDIUM This Month

The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Youzify
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-37494 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Youzify
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-4742 MEDIUM This Month

The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Youzify
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-2864 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.2.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youzify
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-47191 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Youzify
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-0059 MEDIUM POC This Month

The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Youzify
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1950 CRITICAL POC Act Now

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Youzify
NVD WPScan
CVSS 3.1
9.8
EPSS
4.3%
CVE-2021-24443 MEDIUM POC This Month

The About Me widget of the Youzify - BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Youzify
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.2.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youzify
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Youzify
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Youzify
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Youzify
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Youzify
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.2.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youzify
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Youzify
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Youzify
NVD WPScan
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Youzify
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The About Me widget of the Youzify - BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Youzify
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy