CVE-2023-47191: 
WordPress vulnerability analysis and mitigation

An Authorization Bypass Through User-Controlled Key vulnerability was discovered in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress, affecting versions through 1.2.2. The vulnerability was reported on September 9, 2023, and publicly disclosed on November 3, 2023. This security issue is tracked as CVE-2023-47191 and has been classified as an Insecure Direct Object Reference (IDOR) vulnerability (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N according to NIST's assessment. The vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key) and requires subscriber-level privileges to exploit (NVD).

The vulnerability could allow a malicious actor to bypass authorization and authentication mechanisms, potentially leading to unauthorized access to sensitive files, folders, or database interactions. The CVSS score of 6.5 indicates a significant security risk that could result in high confidentiality impact (Patchstack).

The vulnerability has been fixed in version 1.2.3 of the Youzify plugin. Users are strongly advised to update to version 1.2.3 or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).