Description
WordPress Plugin User Meta Manager is prone to an information disclosure vulnerability. Attackers can exploit this issue to perform a series of AJAX requests in order to get all contents of `usermeta` database table and obtain sensitive information that may help in launching further attacks. WordPress Plugin User Meta Manager version 3.4.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.8 or latest
References
http://pvagenas.com/vulnerabilities/user-meta-manager-information-disclosure/
https://www.exploit-db.com/exploits/39420/
Related Vulnerabilities
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3942)
WordPress Plugin Improved Product Options for WooCommerce Security Bypass (5.2.0)
MongoDb Integer Overflow or Wraparound Vulnerability (CVE-2019-2392)
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2020-36238)