Lucene search

User-meta: User Meta User Profile Builder And User Management

5 matches found

CVE, added 2024/07/29 6:15 a.m., 85 views

CVE-2024-6366

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

CVSS 9.1 | AI score 6.6 | EPSS 0.87757

CVE, added 2022/05/30 9:15 a.m., 71 views

CVE-2022-0376

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disal...

CVSS 4.8 | AI score 4.8 | EPSS 0.00267

CVE, added 2022/06/08 10:15 a.m., 68 views

CVE-2022-0779

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads.

CVSS 6.5 | AI score 6.3 | EPSS 0.15118

CVE, added 2024/07/31 6:15 a.m., 52 views

CVE-2024-6695

It's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.

CVSS 9.8 | AI score 6.7 | EPSS 0.00296

CVE, added 2025/05/15 8:15 p.m., 17 views

CVE-2024-6708

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.

CVSS 4.8 | AI score 6.1 | EPSS 0.00046