PT-2021-15971 · WordPress · Youzify

Fergustr4N · Published 2021-08-02 · Updated 2021-08-10 · CVE-2021-24443

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin, versions prior to 1.0.7

Description: The issue concerns the About Me widget's Biography field, which does not properly sanitise input. This allows any authenticated user to store Cross-Site Scripting payloads in their profile, potentially leading to unauthorised access to the admin side of the blog when an admin views the affected user profile.

Recommendations: For versions prior to 1.0.7, update to version 1.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the About Me widget's Biography field to prevent low-privilege users from setting malicious payloads.
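As an added illustration (not Youzify's code, which the advisory does not reproduce), the store-and-echo pattern behind a stored XSS like the one described, beside a hardened version that sanitises on save, checks who may write the field, and filters again on output. The function names, the meta key `demo_biography`, the form fields and the nonce action are placeholders:

```php
<?php
// Added illustration, not the plugin's code. A hypothetical profile
// "biography" field kept in user meta; names below are placeholders.

// --- Unsafe pattern: the raw submission is stored and printed verbatim, so
// any authenticated user can store markup that runs in the browser of
// whoever views the profile, including an administrator.
function demo_unsafe_save_biography( $user_id ) {
    update_user_meta( $user_id, 'demo_biography', $_POST['biography'] );
}
function demo_unsafe_render_biography( $user_id ) {
    echo get_user_meta( $user_id, 'demo_biography', true );
}

// --- Hardened pattern: verify the request, sanitise on input, filter on output.
function demo_save_biography( $user_id ) {
    // The form must carry a valid nonce for this action.
    if ( ! isset( $_POST['demo_nonce'] )
        || ! wp_verify_nonce( $_POST['demo_nonce'], 'demo_save_biography' ) ) {
        return false;
    }
    // Only the profile owner, or a user allowed to edit that user, may write it.
    if ( get_current_user_id() !== (int) $user_id
        && ! current_user_can( 'edit_user', $user_id ) ) {
        return false;
    }
    // wp_kses_post() keeps the inline formatting a biography needs (links,
    // emphasis) and strips script tags, event-handler attributes and
    // javascript: URLs before the value is stored.
    $biography = wp_kses_post( wp_unslash( $_POST['biography'] ?? '' ) );
    update_user_meta( $user_id, 'demo_biography', $biography );
    return true;
}
function demo_render_biography( $user_id ) {
    $biography = get_user_meta( $user_id, 'demo_biography', true );
    // Stored values are not trusted either: filter again on the way out so a
    // value written before the fix, or through another code path, is
    // neutralised when an administrator views the profile.
    echo wp_kses_post( $biography );
}
```

Filtering on output is what protects profiles whose biography was saved before the sanitising save handler existed, which is why an upgrade alone is not a substitute for reviewing previously stored values.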

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2021-24443

Affected Products: Youzify