User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal
CVE-2022-0779

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: User Meta – User Profile Builder And User Management Plugin
Vendor: CVE Published:; 6 June 2022

Summary

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads

Affected Version(s)

User Meta – User Profile Builder and User management plugin 2.4.4

References

https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2022
Vulnerability Reserved
Feb 28, 2022

Credit

Julien Ahrens