CVE-2022-1950

State: PUBLISHED · Published: 2022-08-01 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

CWE

CWE-89 — CWE-89 SQL Injection

Affected

Unknown / Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress — v=1.2.0 <1.2.0 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d x_refsource_MISC

Source

cvelistV5-main/cves/2022/1xxx/CVE-2022-1950.json