← voltar
CVE-2022-0779

User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal

EPSS 2.2%CWE-22
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads
Produtos afetados
Unknown · User Meta – User Profile Builder and User management plugin

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cd