5 matches found
CVE-2022-0779
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads...
CVE-2022-0779 User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads...
CVE-2022-0779
CVE-2022-0779 affects the WordPress plugin User Meta (before 2.4.4). The vulnerability stems from the Ajax action um_show_uploaded_file not validating the filepath parameter, enabling a low-privilege user (e.g., subscriber) to perform path traversal and enumerate local server files. The Red Hat a...
WordPress User Meta Lite / Pro 2.4.3 Path Traversal Vulnerability
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: User Meta Vendor URL: https://wordpress.org/plugins/user-meta Type: Relative Path Traversal CWE-23 Date found: 2022-02-28 Date published: 2022-05-24 CVSSv3 Score: 4.3...
WordPress User Meta Lite / Pro 2.4.3 Path Traversal
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: User Meta Vendor URL: https://wordpress.org/plugins/user-meta Type: Relative Path Traversal CWE-23 Date found: 2022-02-28 Date published: 2022-05-24 CVSSv3 Score: 4.3...