Description
WordPress Plugin User Meta Manager is prone to multiple vulnerabilities, including privilege escalation and SQL injection. Exploiting these issues could allow an attacker to bypass the expected capabilities check and perform otherwise restricted actions, such as modifying the meta information of any registered user, or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin User Meta Manager version 3.4.6 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 3.4.8 or the latest version.
References
https://www.exploit-db.com/exploits/39410/
https://www.exploit-db.com/exploits/39411/
http://seclists.org/bugtraq/2016/Feb/34