Vulnerabilities

CVE-2022-0779

by Fred · 06/06/2022

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads

Date published : 2022-06-06

https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cd

Similar

Tags: Cybersecurity Alert