cleantalk
Vulnerabilities and Security Researches

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress, CVE-2023-0059

CVE, Research URL

CVE-2023-0059

Home page URL

Security reports for Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Application

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Published on
Feb 21, 2023
Research Description
The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
max 1.2.2.
Status
vulnerable
Previous vulnerability researches
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2024-4742) , Jun 22, 2024
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2025-69014) , Jan 10, 2026
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2022-1950) , Jun 07, 2024
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2023-0059) , Jun 07, 2024
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2023-47191) , Jun 07, 2024
New vulnerability
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-8615) , Apr 20, 2026
Hostel (CVE-2026-1838) , Apr 20, 2026
Content Blocks (Custom Post Widget) (CVE-2026-0894) , Apr 20, 2026
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2026-1559) , Apr 20, 2026
Frontend File Manager Plugin (CVE-2026-1280) , Apr 20, 2026