Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

youzify — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting youzify. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Youzify is a WordPress plugin that provides social networking features, allowing users to create community-driven websites. Historically, it has been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with eight CVEs recorded. These flaws often stem from insufficient input validation and improper access controls. The plugin's complex functionality increases its attack surface, making it a target for exploitation. While no major public incidents have been widely documented, its vulnerability history suggests potential risks for unpatched implementations, emphasizing the need for timely updates and security hardening.

Top products by youzify: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress Youzify
CVE IDTitleCVSSSeverityPublished
CVE-2026-1559 Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPressCWE-79 6.4 Medium2026-04-18
CVE-2025-69014 WordPress Youzify plugin <= 1.3.7 - Server Side Request Forgery (SSRF) vulnerability — YouzifyCWE-918 4.9 Medium2025-12-30
CVE-2024-13370 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPressCWE-862 6.5 Medium2025-01-25
CVE-2024-13368 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPressCWE-862 4.3 Medium2025-01-25
CVE-2024-12113 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPressCWE-862 4.3 Medium2025-01-25
CVE-2024-9067 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPressCWE-862 4.3 Medium2024-10-10
CVE-2024-8987 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPressCWE-79 6.4 Medium2024-10-10
CVE-2024-4742 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPressCWE-89 6.5 Medium2024-06-20

This page lists every published CVE security advisory associated with youzify. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.