cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9067,https://securityvulnerability.io/vulnerability/CVE-2024-9067,Arbitrary Attachment Deletion Vulnerability in Youzify BuddyPress Plugin,"The Youzify plugin for WordPress, which facilitates community, user profiles, and membership functionalities, is susceptible to an unauthorized modification of data. This vulnerability arises from the absence of a necessary capability check within the 'delete_attachment' function. As a result, authenticated users with Subscriber-level access or higher can potentially delete arbitrary attachments. This flaw impacts all versions of the Youzify plugin up to and including version 1.3.0, posing a risk to user data integrity and community resources.",Wordpress,"Youzify – Buddypress Community, User Profile, Social Network & Membership Plugin For WordPress",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-10T02:06:12.657Z,0
CVE-2024-8987,https://securityvulnerability.io/vulnerability/CVE-2024-8987,Youzify BuddyPress Plugin Vulnerable to Stored Cross-Site Scripting,"The Youzify plugin, which enhances BuddyPress for WordPress sites, is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability that arises from improper input sanitization and output escaping in the youzify_media shortcode. This issue affects all versions up to and including 1.3.0. Authenticated users with contributor-level access or higher can exploit this flaw, allowing them to inject malicious web scripts into pages. These scripts will execute whenever an unsuspecting user accesses the compromised pages, potentially leading to unauthorized actions and data theft.",Wordpress,"Youzify – Buddypress Community, User Profile, Social Network & Membership Plugin For WordPress",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-10-10T02:06:05.259Z,0
CVE-2024-4742,https://securityvulnerability.io/vulnerability/CVE-2024-4742,Youzify BuddyPress Plugin Vulnerable to SQL Injection,"The Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress is susceptible to an SQL Injection vulnerability. This flaw is due to inadequate escaping of user-supplied parameters in the order_by shortcode attribute, leading to potential manipulation of SQL queries. Authenticated users with Contributor-level access or higher can exploit this vulnerability to inject additional SQL commands into existing database queries. Such actions may result in unauthorized access to sensitive information stored in the database, highlighting the need for immediate attention to secure the affected versions of the plugin.",Wordpress,"Youzify – Buddypress Community, User Profile, Social Network & Membership Plugin For WordPress",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-06-20T02:08:20.417Z,0
CVE-2023-47191,https://securityvulnerability.io/vulnerability/CVE-2023-47191,WordPress Youzify Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR),"Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2.",Wordpress,"Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress",6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2023-12-21T19:15:00.000Z,0
CVE-2022-1950,https://securityvulnerability.io/vulnerability/CVE-2022-1950,Youzify < 1.2.0 - Unauthenticated SQLi,"The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection",Wordpress,"Youzify – Buddypress Community, User Profile, Social Network & Membership Plugin For WordPress",9.8,CRITICAL,0.00267999991774559,false,,false,false,false,,false,false,2022-08-01T12:49:04.000Z,0
CVE-2021-24443,https://securityvulnerability.io/vulnerability/CVE-2021-24443,Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography,"The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example.",Wordpress,"Youzify – Buddypress Community, User Profile, Social Network & Membership Plugin For WordPress",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-08-02T10:31:57.000Z,0