Skip to main content

User Meta User Profile Builder And User Management

2 CVEs product

Monthly

CVE-2022-0779 MEDIUM POC This Month

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal User Meta User Profile Builder And User Management
NVD WPScan
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-0376 MEDIUM POC This Month

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress User Meta User Profile Builder And User Management
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
EPSS 2% CVSS 6.5
MEDIUM POC This Month

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal User Meta User Profile Builder And User Management
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress User Meta User Profile Builder And User Management
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy