Medium severity6.5NVD Advisory· Published Jun 8, 2022· Updated Jun 17, 2026
CVE-2022-0779
CVE-2022-0779
Description
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <2.4.4
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.