WordPress Plugin User Meta Manager is prone to multiple vulnerabilities, including privilege escalation and SQL injection vulnerabilities. Exploiting these issues could allow an attacker to bypass the expected capabilities check and perform otherwise restricted actions such as modify the meta information of any registered user, or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin User Meta Manager version 3.4.6 is vulnerable; prior versions may also be affected.


Update to plugin version 3.4.8 or latest


Related Vulnerabilities