3 matches found
CVE-2024-9067 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteattachment' function in all versions up to, and including, 1.3.0. This makes i...
CVE-2024-9067
The CVE-2024-9067 entry concerns Youzify for WordPress. A missing capability check in the delete_attachment function across versions up to 1.3.0 allows authenticated users with Subscriber+ privileges to modify data by deleting arbitrary attachments. This is a Broken Access Control issue in Youzif...
WordPress Youzify Plugin <= 1.3.0 is vulnerable to Broken Access Control
Software Youzify Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9067 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d8d6ded5ddf5 Credits Francesco Carlucci Required privilege...