3 matches found
Youzify < 1.2.0 - Unauthenticated SQLi
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection id: CVE-2022-1950 info: name: Youzify 1.2.0 - Unauthenticated SQLi author:...
CVE-2022-1950
creationtimestamp| type| source ---|---|--- 2022-08-01 16:16:50+00:00| seen| https://t.me/cibsecurity/47313 2025-04-23 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-04-23 2025-05-20 08:12:15+00:00| confirmed|...
CVE-2022-1950
CVE-2022-1950 affects the Youzify WordPress plugin for versions before 1.2.0. The root cause is a parameter that is not sanitized/escaped before being used in a SQL statement in an unauthenticated AJAX action, enabling unauthenticated SQL injection. Impact described across sources includes the ab...