2 matches found
CVE-2024-4742 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the orderby shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and la...
CVE-2024-4742
CVE-2024-4742 affects the Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress up to version 1.2.5, with an SQL Injection vulnerability via the order_by shortcode attribute. Exploitation requires authenticated access at Contributor level or higher, enabli...