CVE-2022-1950: 
WordPress vulnerability analysis and mitigation

CVE-2022-1950 affects the Youzify WordPress plugin versions before 1.2.0. The vulnerability was discovered and publicly disclosed on July 11, 2022. This security issue impacts WordPress installations using the affected versions of the Youzify plugin (WPScan).

The vulnerability is an unauthenticated SQL injection that occurs because the plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. This vulnerability is accessible to unauthenticated users, making it particularly severe. The issue has been assigned a CVSS score of 8.6 (High) and is classified under CWE-89 and OWASP Top 10 category A1: Injection (WPScan).

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against affected WordPress installations. Attackers can potentially extract sensitive information from the database, including user credentials and other confidential data stored in the WordPress database (WPScan).

The vulnerability has been fixed in Youzify version 1.2.0. Users are strongly advised to update to this version or later to protect their WordPress installations from potential attacks (WPScan).