CVE-2024-13368

Name of the Vulnerable Software and Affected Versions Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress versions up to, and including, 1.3.2

Description The issue is related to unauthorized access due to a missing capability check on the youzify offer banner() function. This allows authenticated attackers with Subscriber-level access and above to update arbitrary site options to a value of one.

Recommendations For versions up to, and including, 1.3.2, update to a version higher than 1.3.2 to resolve the issue. As a temporary workaround, consider restricting access to the youzify offer banner() function until a patch is available.