Youzify < 1.2.0 - Unauthenticated SQLi

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection id: CVE-2022-1950 info: name: Youzify 1.2.0 - Unauthenticated SQLi author:...

CVE-2026-1559

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

WordPress Youzify plugin <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'checkinplaceid' Parameter vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin Youzify versions = 1.3.6...

CVE-2026-1559

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

EUVD-2026-23622

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

CVE-2026-1559

The Youzify WordPress plugin is affected by CVE-2026-1559, a Stored Cross‑Site Scripting vulnerability. It enables authenticated users with Subscriber+ rights to inject scripts via the checkin_place_id parameter in versions up to 1.3.6 due to insufficient input sanitization and output escaping; s...

CVE-2026-1559

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

CVE-2026-1559 Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

CVE-2026-1559 Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

WordPress plugin Youzify 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-33579

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin place id' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVE-2024-39635

Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youzify: from n/a through 1.2.6...

CVE-2025-69014

Server-Side Request Forgery SSRF vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through = 1.3.7...

WordPress Youzify plugin <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Options Update saveaddonkeylicense vulnerability discovered by Stiofan - AyeCode Ltd in WordPress Plugin Youzify versions = 1.3.3...

EUVD-2025-205730

Server-Side Request Forgery SSRF vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through = 1.3.5...

CVE-2025-69014

Server-Side Request Forgery SSRF vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through = 1.3.7...

CVE-2025-69014 WordPress Youzify plugin <= 1.3.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through = 1.3.7...

CVE-2025-69014 WordPress Youzify plugin <= 1.3.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through = 1.3.7...

CVE-2025-69014

CVE-2025-69014 : Youzify (WordPress plugin) is affected up to version 1.3.5 by a Server-Side Request Forgery (SSRF). The entry indicates the issue is exploitable via network access, requires HIGH privileges, and involves no user interaction, with confidentiality impact rated High. The Wordfence s...

WordPress plugin Youzify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...