Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.13 views

CVE-2022-0779

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads...

6.5CVSS6.6AI score0.02233EPSS
Exploits5References1
Cvelist
Cvelist
added 2022/06/06 8:50 a.m.22 views

CVE-2022-0779 User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads...

6.6AI score0.02233EPSS
Exploits5References1
CVE
CVE
added 2022/06/06 8:50 a.m.86 views

CVE-2022-0779

CVE-2022-0779 affects the WordPress plugin User Meta (before 2.4.4). The vulnerability stems from the Ajax action um_show_uploaded_file not validating the filepath parameter, enabling a low-privilege user (e.g., subscriber) to perform path traversal and enumerate local server files. The Red Hat a...

6.5CVSS6.3AI score0.02233EPSS
Exploits5References1Affected Software1
0day.today
0day.today
added 2022/05/31 12:0 a.m.380 views

WordPress User Meta Lite / Pro 2.4.3 Path Traversal Vulnerability

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: User Meta Vendor URL: https://wordpress.org/plugins/user-meta Type: Relative Path Traversal CWE-23 Date found: 2022-02-28 Date published: 2022-05-24 CVSSv3 Score: 4.3...

6.5CVSS0.4AI score0.02233EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/05/30 12:0 a.m.288 views

WordPress User Meta Lite / Pro 2.4.3 Path Traversal

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: User Meta Vendor URL: https://wordpress.org/plugins/user-meta Type: Relative Path Traversal CWE-23 Date found: 2022-02-28 Date published: 2022-05-24 CVSSv3 Score: 4.3...

0.2AI score0.02233EPSS
Exploits5
Rows per page
Query Builder