Vulnerabilities and security research for user-meta
User Meta – User Profile Builder and User management plugin # CVE-2022-0376
- CVE, Research URL
- Home page URL
- Security reports for User Meta – User Profile Builder and User management plugin
- Date
- May 30, 2022
- Research Description
- The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels, before outputting them in the admin dashboard when editing a form, which could allow high-privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
- Affected versions
- max 2.4.3.
- Status
- vulnerable
User Meta – User Profile Builder and User management plugin # CVE-2022-0779
- CVE, Research URL
- Home page URL
- Security reports for User Meta – User Profile Builder and User management plugin
- Date
- Jun 08, 2022
- Research Description
- The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low-privileged users such as subscribers to enumerate the local files on the web server via path traversal payloads.
- Affected versions
- max 1.1.2.
- Status
- vulnerable
User Meta – User Profile Builder and User management plugin # CVE-2024-33575
- CVE, Research URL
- Home page URL
- Security reports for User Meta – User Profile Builder and User management plugin
- Date
- Apr 29, 2024
- Research Description
- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta. This issue affects User Meta: from n/a through 3.0.
- Affected versions
- max 3.1.
- Status
- vulnerable
User Meta – User Profile Builder and User management plugin # CVE-2024-9262
- CVE, Research URL
- Home page URL
- Security reports for User Meta – User Profile Builder and User management plugin
- Date
- Nov 09, 2024
- Research Description
- The User Meta – User Profile Builder and User management plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() function due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to obtain user meta values from form fields. Please note that this requires a site administrator to create a form that displays potentially sensitive information like password hashes. This may also be exploited by unauthenticated users if the 'user-meta-public-profile' shortcode is used insecurely.
- Affected versions
- max 3.1.
- Status
- vulnerable
User Meta – User Profile Builder and User management plugin # CVE-2025-47611
- CVE, Research URL
- Home page URL
- Security reports for User Meta – User Profile Builder and User management plugin
- Date
- May 23, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khaled User Meta allows Reflected XSS. This issue affects User Meta: from n/a through 3.1.2.
- Affected versions
- max 3.1.2.
- Status
- vulnerable
User Meta – User Profile Builder and User management plugin # CVE-2025-9693
- CVE, Research URL
- Home page URL
- Security reports for User Meta – User Profile Builder and User management plugin
- Date
- Sep 11, 2025
- Research Description
- The User Meta – User Profile Builder and User management plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the postInsertUserProcess function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Affected versions
- max 3.1.2.
- Status
- vulnerable