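4 vulnerability records found for Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (vendor: Unknown). The four records cover two distinct CVEs, CVE-2022-1950 and CVE-2021-24443, each listed once from cvelistv5 and once from nvd.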
CVE-2022-1950 (GCVE-0-2022-1950)
Vulnerability from cvelistv5 – Published: 2022-08-01 12:49 – Updated: 2024-08-03 00:24
Title
Youzify < 1.2.0 - Unauthenticated SQLi
Summary
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
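Severity
No CVSS data available. The record carries no score, so severity has to be judged from the description (unauthenticated SQL injection, CWE-89) rather than from a CVSS threshold.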
CWE
- CWE-89 - SQL Injection
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d | x_refsource_MISC |
Impacted products
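| Vendor | Product | Version |
|---|---|---|
| Unknown | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Affected: 1.2.0 , < 1.2.0 (custom) — the record gives 1.2.0 as both `version` and `lessThan`; per the summary, the affected releases are those before 1.2.0 |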
Credits
cydave
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership Plugin for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "1.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "cydave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:49:03",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Youzify \u003c 1.2.0 - Unauthenticated SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1950",
"STATE": "PUBLIC",
"TITLE": "Youzify \u003c 1.2.0 - Unauthenticated SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership Plugin for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.0",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1950",
"datePublished": "2022-08-01T12:49:04",
"dateReserved": "2022-05-31T00:00:00",
"dateUpdated": "2024-08-03T00:24:43.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24443 (GCVE-0-2021-24443)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:31 – Updated: 2024-08-03 19:28
Title
Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography
Summary
The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to store Cross-Site Scripting payloads in it, which are executed when the affected user's profile is viewed. A low-privilege user could thereby gain unauthorised access to the admin side of the blog by inducing an admin to view the attacker's profile, where the payload could, for example, add a rogue account.
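Severity
No CVSS data available. The record carries no score, so severity has to be judged from the description (stored Cross-Site Scripting settable by any authenticated user, CWE-79) rather than from a CVSS threshold.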
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34 | x_refsource_MISC |
Impacted products
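| Vendor | Product | Version |
|---|---|---|
| Unknown | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Affected: 1.0.7 , < 1.0.7 (custom) — the record gives 1.0.7 as both `version` and `lessThan`; per the summary, the affected releases are those before 1.0.7 |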
Credits
Phu Tran from techlabcorp.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership Plugin for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.0.7",
"status": "affected",
"version": "1.0.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Phu Tran from techlabcorp.com"
}
],
"descriptions": [
{
"lang": "en",
"value": "The About Me widget of the Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:31:57",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Youzify \u003c 1.0.7 - Stored Cross-Site Scripting via Biography",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24443",
"STATE": "PUBLIC",
"TITLE": "Youzify \u003c 1.0.7 - Stored Cross-Site Scripting via Biography"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership Plugin for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.7",
"version_value": "1.0.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Phu Tran from techlabcorp.com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The About Me widget of the Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24443",
"datePublished": "2021-08-02T10:31:57",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1950 (GCVE-0-2022-1950)
Vulnerability from nvd – Published: 2022-08-01 12:49 – Updated: 2024-08-03 00:24
Title
Youzify < 1.2.0 - Unauthenticated SQLi
Summary
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
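Severity
No CVSS data available. The record carries no score, so severity has to be judged from the description (unauthenticated SQL injection, CWE-89) rather than from a CVSS threshold.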
CWE
- CWE-89 - SQL Injection
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d | x_refsource_MISC |
Impacted products
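| Vendor | Product | Version |
|---|---|---|
| Unknown | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Affected: 1.2.0 , < 1.2.0 (custom) — the record gives 1.2.0 as both `version` and `lessThan`; per the summary, the affected releases are those before 1.2.0 |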
Credits
cydave
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership Plugin for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "1.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "cydave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:49:03",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Youzify \u003c 1.2.0 - Unauthenticated SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1950",
"STATE": "PUBLIC",
"TITLE": "Youzify \u003c 1.2.0 - Unauthenticated SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership Plugin for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.0",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1950",
"datePublished": "2022-08-01T12:49:04",
"dateReserved": "2022-05-31T00:00:00",
"dateUpdated": "2024-08-03T00:24:43.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24443 (GCVE-0-2021-24443)
Vulnerability from nvd – Published: 2021-08-02 10:31 – Updated: 2024-08-03 19:28
Title
Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography
Summary
The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to store Cross-Site Scripting payloads in it, which are executed when the affected user's profile is viewed. A low-privilege user could thereby gain unauthorised access to the admin side of the blog by inducing an admin to view the attacker's profile, where the payload could, for example, add a rogue account.
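Severity
No CVSS data available. The record carries no score, so severity has to be judged from the description (stored Cross-Site Scripting settable by any authenticated user, CWE-79) rather than from a CVSS threshold.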
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34 | x_refsource_MISC |
Impacted products
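| Vendor | Product | Version |
|---|---|---|
| Unknown | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Affected: 1.0.7 , < 1.0.7 (custom) — the record gives 1.0.7 as both `version` and `lessThan`; per the summary, the affected releases are those before 1.0.7 |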
Credits
Phu Tran from techlabcorp.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership Plugin for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.0.7",
"status": "affected",
"version": "1.0.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Phu Tran from techlabcorp.com"
}
],
"descriptions": [
{
"lang": "en",
"value": "The About Me widget of the Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:31:57",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Youzify \u003c 1.0.7 - Stored Cross-Site Scripting via Biography",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24443",
"STATE": "PUBLIC",
"TITLE": "Youzify \u003c 1.0.7 - Stored Cross-Site Scripting via Biography"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership Plugin for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.7",
"version_value": "1.0.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Phu Tran from techlabcorp.com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The About Me widget of the Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24443",
"datePublished": "2021-08-02T10:31:57",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}