User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal
CVE-2022-0779
6.5MEDIUM
What is CVE-2022-0779?
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads
Affected Version(s)
User Meta β User Profile Builder and User management plugin 2.4.4