WordPress Plugin User Meta Manager Multiple Vulnerabilities (3.4.6) - Vulnerability Database

WordPress Plugin User Meta Manager Multiple Vulnerabilities (3.4.6)

Description

WordPress Plugin User Meta Manager is prone to multiple vulnerabilities, including privilege escalation and SQL injection vulnerabilities. Exploiting these issues could allow an attacker to bypass the expected capabilities check and perform otherwise restricted actions such as modify the meta information of any registered user, or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin User Meta Manager version 3.4.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.4.8 or latest

References

https://www.exploit-db.com/exploits/39410/

https://www.exploit-db.com/exploits/39411/

http://seclists.org/bugtraq/2016/Feb/34

http://seclists.org/bugtraq/2016/Feb/35

https://packetstormsecurity.com/files/135627/WordPress-User-Meta-Manager-3.4.6-Privilege-Escalation.html

https://packetstormsecurity.com/files/135628/WordPress-User-Meta-Manager-3.4.6-Blind-SQL-Injection.html

https://wordpress.org/plugins/user-meta-manager/changelog/

Related Vulnerabilities

Severity

High

Classification

CWE-89

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N