Primary

Context

Youzify BuddyPress Community Plugin for WordPress Missing Authorization Vulnerability Allowing Review Deletion

Vulnerability

Patched

A vulnerability exists in the Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress, in all versions through 1.3.2. The issue arises from a lack of proper capability checks in the delete_user_review() and delete_review() functions. This flaw enables authenticated users with Subscriber-level access and above to delete reviews written by other users, leading to unauthorized data loss.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of user reviews, potentially disrupting community engagement and user interactions on the platform.

Remediation

Users are advised to update the Youzify BuddyPress Community Plugin for WordPress to version 1.3.3 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Youzify BuddyPress Community Plugin for WordPress Missing Authorization Vulnerability Allowing Review Deletion

Vulnerability

Impact

Remediation

Affected Products

Youzify

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating