Filtered by vendor User-meta
Total: 3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-23712 | 1 User-meta | 1 User Meta Manager | 2024-11-21 | N/A | 5.4 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions. |
CVE-2022-0779 | 1 User-meta | 1 User Meta User Profile Builder And User Management | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads. |
CVE-2022-0376 | 1 User-meta | 1 User Meta User Profile Builder And User Management | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |