Vulnerabilities > User Meta > User Meta User Profile Builder AND User Management > 2.4.3

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-08	CVE-2022-0779	Path Traversal vulnerability in User-Meta User Meta User Profile Builder and User Management The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads network low complexity user-meta CWE-22	4.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.