cleantalk
Vulnerabilities and Security Researches

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress, CVE-2024-13370

CVE, Research URL

CVE-2024-13370

Home page URL

Security reports for Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Application

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Published on
Jan 25, 2025
Research Description
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key.
Affected versions
max 1.3.4.
Status
vulnerable
Previous vulnerability researches
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2024-4742) , Jun 22, 2024
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2025-69014) , Jan 10, 2026
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2022-1950) , Jun 07, 2024
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2023-0059) , Jun 07, 2024
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2023-47191) , Jun 07, 2024
New vulnerability
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-8615) , Apr 20, 2026
Hostel (CVE-2026-1838) , Apr 20, 2026
Content Blocks (Custom Post Widget) (CVE-2026-0894) , Apr 20, 2026
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2026-1559) , Apr 20, 2026
Frontend File Manager Plugin (CVE-2026-1280) , Apr 20, 2026