Description
WordPress Plugin User Meta Manager is prone to an information disclosure vulnerability. Attackers can exploit this issue to perform a series of AJAX requests in order to get all contents of `usermeta` database table and obtain sensitive information that may help in launching further attacks. WordPress Plugin User Meta Manager version 3.4.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.8 or latest
References
http://pvagenas.com/vulnerabilities/user-meta-manager-information-disclosure/
https://www.exploit-db.com/exploits/39420/
Related Vulnerabilities
WordPress Plugin BulletProof Security Cross-Site Scripting (.52.4)
WordPress Plugin WP-DBManager Multiple Vulnerabilities (2.71)
PHP Improper Input Validation Vulnerability (CVE-2007-2509)
MySQL CVE-2021-35624 Vulnerability (CVE-2021-35624)
WordPress Plugin FV Flowplayer Video Player Cross-Site Request Forgery (7.5.30.7210)