CVE-2022-0779

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads
Configurations

Configuration 1 (hide)

cpe:2.3:a:user-meta:user_meta_user_profile_builder_and_user_management:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:39

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cd - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cd - Exploit, Third Party Advisory

11 Jul 2022, 14:13

Type Values Removed Values Added
CPE cpe:2.3:a:usermeta:user_meta_user_profile_builder_and_user_management:*:*:*:*:*:wordpress:*:* cpe:2.3:a:user-meta:user_meta_user_profile_builder_and_user_management:*:*:*:*:*:wordpress:*:*

17 Jun 2022, 01:01

Type Values Removed Values Added
References (MISC) https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cd - (MISC) https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cd - Exploit, Third Party Advisory
CPE cpe:2.3:a:usermeta:user_meta_user_profile_builder_and_user_management:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5

08 Jun 2022, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-08 10:15

Updated : 2024-11-21 06:39


NVD link : CVE-2022-0779

Mitre link : CVE-2022-0779

CVE.ORG link : CVE-2022-0779


JSON object : View

Products Affected

user-meta

  • user_meta_user_profile_builder_and_user_management
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')