The Youzify β BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and...
9.8CVSS
9.5AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo β Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo β Social Network, Membership, Registration, User...
6.5CVSS
5.8AI Score
0.0004EPSS
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify β BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify β BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a...
6.5CVSS
6.5AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo β Social Network, Membership, Registration, User Profiles allows Reflected XSS.This issue affects Community by PeepSo β Social Network, Membership, Registration, User...
7.1CVSS
6.5AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo β Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo β Social Network, Membership, Registration, User...
6.5CVSS
5.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo β Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0...
8.8CVSS
8.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo β Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0...
8.8CVSS
8.8AI Score
0.001EPSS
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL...
9.8CVSS
9.8AI Score
0.002EPSS
The About Me widget of the Youzify β BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the...
5.4CVSS
5.4AI Score
0.001EPSS
SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId...
8.7AI Score
0.002EPSS
SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery...
8.6AI Score
0.001EPSS