CVE Published: 01/08/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2022 Source: WPScan |
Vendor: Unknown |
Product: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress Status : PUBLISHED
CVE-2022-1950 Description
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection