cleantalk
Vulnerabilities and Security Researches

User Meta – User Profile Builder and User management plugin, CVE-2022-0779

CVE, Research URL

CVE-2022-0779

Home page URL

Security reports for User Meta – User Profile Builder and User management plugin

Application

User Meta – User Profile Builder and User management plugin

Published on
Jun 08, 2022
Research Description
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads
Affected versions
max 1.1.2.
Status
vulnerable
Previous vulnerability researches
Add User Meta (CVE-2025-7688) , Aug 17, 2025
Simple User Meta Editor (CVE-2025-14888) , Jan 11, 2026
User Meta – User Profile Builder and User management plugin (CVE-2025-9693) , Apr 24, 2026
User Meta – User Profile Builder and User management plugin (CVE-2024-9262) , Nov 10, 2024
User Meta – User Profile Builder and User management plugin (CVE-2022-0376) , Jun 07, 2024
New vulnerability
Generic Elements (CVE-2025-9080) , Apr 25, 2026
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net (CVE-2025-9463) , Apr 25, 2026
Royal Elementor Addons and Templates (CVE-2026-5428) , Apr 25, 2026
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2025-57932) , Apr 24, 2026
Bold Page Builder (CVE-2025-7730) , Apr 24, 2026