Description
The WordPress plugin User Meta Manager is prone to an information disclosure vulnerability. An attacker can exploit this issue by performing a series of AJAX requests to retrieve the entire contents of the `usermeta` database table, obtaining sensitive information that may help in launching further attacks. User Meta Manager version 3.4.7 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 3.4.8 or the latest version.
References
http://pvagenas.com/vulnerabilities/user-meta-manager-information-disclosure/
https://www.exploit-db.com/exploits/39420/