ThreatPress

WordPress Vulnerabilities Database

WordPress User Meta Manager Plugin 3.4.6 - Blind SQL Injection

Product
User Meta Manager
Description
This vulnerability allows a registered user to pass arbitrary MySQL commands through the "umm_user" GET parameter.
Solution
Update the plugin.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Exploit-DB
CVE
Name: CVE-N/A
Versions
Affected In: <= 3.4.6
Fixed In: 3.4.7
Disclosure date
2016-02-04
Credits
Panagiotis Vagenas