cleantalk
Vulnerabilities and Security Researches

User Meta – User Profile Builder and User management plugin, CVE-2022-0779

CVE, Research URL

CVE-2022-0779

Home page URL

Security reports for User Meta – User Profile Builder and User management plugin

Application

User Meta – User Profile Builder and User management plugin

Published on
Jun 08, 2022
Research Description
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads
Affected versions
Min -, max 1.1.2.
Status
vulnerable
Previous vulnerability researches
User Meta – User Profile Builder and User management plugin (CVE-2024-9262) , Nov 10, 2024
User Meta – User Profile Builder and User management plugin (CVE-2022-0376) , Jun 07, 2024
User Meta – User Profile Builder and User management plugin (CVE-2022-0779) , Jun 07, 2024
User Meta – User Profile Builder and User management plugin (CVE-2024-33575) , Jun 07, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025