CVE-2022-0779: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-0779 affects the User Meta WordPress plugin versions before 2.4.4. The vulnerability was discovered and publicly disclosed on May 16, 2022. It involves a path traversal issue in the plugin's um_show_uploaded_file AJAX action functionality (WPScan).

The vulnerability stems from improper validation of the filepath parameter in the um_show_uploaded_file AJAX action. It is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and falls under the OWASP Top 10 category A1: Injection. The vulnerability has received a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

When exploited, this vulnerability allows low-privileged users, such as subscribers, to enumerate local files on the web server through path traversal attacks. This could potentially expose sensitive system information and configuration files (WPScan).

The vulnerability has been fixed in version 2.4.4 of the User Meta WordPress plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).