Vulnerability CVE-2022-0779


Published: 2022-06-08

Description:
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low-privileged users such as subscribers to enumerate the local files on the web server via path traversal payloads.

See advisories in our WLB2 database:
Topic: WordPress User Meta Lite / Pro 2.4.3 Path Traversal (Low)
Author: Julien Ahrens
Date: 31.05.2022

Type:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

References:
https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cd

Copyright 2022, cxsecurity.com

 
