WordPress · Youzify · CVE-2021-24443
**Name of the Vulnerable Software and Affected Versions**
Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin versions prior to 1.0.7
**Description**
The issue concerns the About Me widget's Biography field, which does not properly sanitise input. This allows any authenticated user to set Cross-Site Scripting payloads, potentially leading to unauthorised access to the admin side of the blog when an admin views the affected user profile.
**Recommendations**
For versions prior to 1.0.7, update to version 1.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the About Me widget's Biography field to prevent low-privilege users from setting malicious payloads.
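To apply the version check from the recommendation across many sites, the following added example (not code from the plugin or from this advisory) reads the `Version:` header of a plugin's main PHP file and classifies it against the fixed release 1.0.7. The sample header and all function names are constructed for illustration; it assumes you can read the plugin's main file from disk.

```python
import re

FIXED_VERSION = (1, 0, 7)  # first fixed release named in the advisory

# WordPress reads "Version: x" from the header comment of the main plugin file;
# the line may be prefixed by comment characters such as " * ".
_VERSION_HEADER = re.compile(r"^[ \t/*#@]*Version:[ \t]*(.+?)[ \t]*$", re.I | re.M)

# Constructed sample of a main plugin file header (not copied from the plugin).
SAMPLE_MAIN_FILE = """<?php
/**
 * Plugin Name: Youzify
 * Version: 1.0.6
 */
"""


def parse_plugin_version(php_source):
    """Return the Version header value, or None when the header is absent."""
    match = _VERSION_HEADER.search(php_source[:8192])  # WordPress scans the first 8 KB
    return match.group(1).strip() if match else None


def version_tuple(version):
    """'1.0.6' -> (1, 0, 6). Suffixes like '-beta' are ignored; None if no leading number."""
    numbers = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if digits is None:
            break
        numbers.append(int(digits.group()))
    return tuple(numbers) or None


def classify(php_source):
    """Return 'affected', 'fixed' or 'unknown' for one plugin main file."""
    version = parse_plugin_version(php_source)
    parsed = version_tuple(version) if version else None
    if parsed is None:
        return "unknown"  # no usable header: check the site by hand
    return "affected" if parsed < FIXED_VERSION else "fixed"


if __name__ == "__main__":
    print(classify(SAMPLE_MAIN_FILE))
```

Sites reported as `affected` or `unknown` are the ones to update or review first.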