Filtered by vendor User-meta
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-23712 | 1 User-meta | 1 User Meta Manager | 2024-11-21 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions. | ||||
CVE-2022-0779 | 1 User-meta | 1 User Meta User Profile Builder And User Management | 2024-11-21 | 6.5 Medium |
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads | ||||
CVE-2022-0376 | 1 User-meta | 1 User Meta User Profile Builder And User Management | 2024-11-21 | 4.8 Medium |
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
Page 1 of 1.