cleantalk
Vulnerabilities and Security Researches

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress, CVE-2024-9067

CVE, Research URL

CVE-2024-9067

Home page URL

Security reports for Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Application

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Published on
Oct 10, 2024
Research Description
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments.
Affected versions
max 1.3.1.
Status
vulnerable
Previous vulnerability researches
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2024-4742) , Jun 22, 2024
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2025-69014) , Jan 10, 2026
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2022-1950) , Jun 07, 2024
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2023-0059) , Jun 07, 2024
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2023-47191) , Jun 07, 2024
New vulnerability
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-8615) , Apr 20, 2026
Hostel (CVE-2026-1838) , Apr 20, 2026
Content Blocks (Custom Post Widget) (CVE-2026-0894) , Apr 20, 2026
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2026-1559) , Apr 20, 2026
Frontend File Manager Plugin (CVE-2026-1280) , Apr 20, 2026