CVE-2022-0779

CVE-2022-0779: User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal

Vendor Unknown
Product User Meta – User Profile Builder and User management plugin
Weakness CWE-22 · Path traversal
Published June 6, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads

Key dates

02Disclosure timeline

June 6, 2022 CVE published
August 2, 2024 Record updated