QwikSec

Security Database

CVE

CWE

Training

CVE-2022-0779

Published: Jun 6, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads

Vendor	Product	Versions
Unknown	User Meta – User Profile Builder and User management plugin	affected `2.4.4 - < 2.4.4`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cd

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.