CVE-2022-1950 Youzify < 1.2.0 - Unauthenticated SQLi

2022-08-0112:49:04

CWE-89

WPScan

www.cve.org

0.002 Low

EPSS

Percentile

57.8%

JSON

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

CNA Affected

[
  {
    "product": "Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.2.0",
        "status": "affected",
        "version": "1.2.0",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d

0.002 Low

EPSS

Percentile

57.8%

JSON

Related for CVELIST:CVE-2022-1950