cleantalk
Vulnerabilities and Security Researches

User Meta – User Profile Builder and User management plugin, CVE-2025-9693

CVE, Research URL

CVE-2025-9693

Home page URL

Security reports for User Meta – User Profile Builder and User management plugin

Application

User Meta – User Profile Builder and User management plugin

Published on
Sep 11, 2025
Research Description
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the postInsertUserProcess function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions
max 3.1.2.
Status
vulnerable
Previous vulnerability researches
Web Application Firewall – website security (CVE-2022-4539) , Sep 02, 2024
Web Application Firewall – website security (CVE-2024-2172) , Jun 07, 2024
New vulnerability
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2025-57932) , Apr 24, 2026
Bold Page Builder (CVE-2025-7730) , Apr 24, 2026
Flexi – Guest Submit (CVE-2025-9129) , Apr 24, 2026
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Poll Maker – Best WordPress Poll Plugin (CVE-2025-57954) , Apr 24, 2026