User Meta
user-meta
3 CVEs • 2 products
Products (2)
Click to collapseToggle
Products (2)
Click to collapse
CVEs (3)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions. |
1User Meta 1User Meta User Profile Builder And User Management Jun 17, 2026 Jun 8, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the...Show more |
1User Meta 1User Meta User Profile Builder And User Management Jun 17, 2026 May 30, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege u...Show more |