Is CVE-2022-1950 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Youzify – Buddypress Community, User Profile, Social Network & Membership Plugin For Wordpress

CVE-2022-1950

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

Vulnerability class: SQL Injection

EPSS: 0.597 (98.3th percentile) — read the EPSS interpretation.

Affected products

Unknown Youzify – Buddypress Community, User Profile, Social Network & Membership Plugin For Wordpress — versions 1.2.0

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1950?: CVE-2022-1950 is a vulnerability in Youzify – Buddypress Community, User Profile, Social Network & Membership Plugin For Wordpress, classified under SQL Injection. Published 2022-08-01.
Is CVE-2022-1950 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.