User-meta User Meta User Profile Builder And User Management — known CVE vulnerabilities
Every CVE whose affected-product data names User-meta User Meta User Profile Builder And User Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2022-0779 — CVSS 6.5 (medium): The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could…
CVE-2022-0376 — CVSS 4.8 (medium): The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting…