User Meta WordPress Plugin Arbitrary File Deletion Vulnerability

Vulnerability

A vulnerability allowing arbitrary file deletion has been identified in the User Meta – User Profile Builder and User Management plugin for WordPress, affecting all versions through 3.1.2. This vulnerability arises from inadequate file path validation in the 'postInsertUserProcess' function, enabling authenticated attackers with Subscriber-level access or higher to delete arbitrary files on the server. Exploiting this flaw could lead to remote code execution, particularly if a critical file like 'wp-config.php' is deleted.
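The path check whose absence is described above can be shown as a containment test done before any delete. This is an added example, not the plugin's code: the helper name `delete_within_dir` and the temporary directory layout are hypothetical and constructed for the demonstration.

```php
<?php
// Added example (hypothetical helper, not code from the User Meta plugin).
// Deletes a file only when its fully resolved path stays inside $baseDir.
function delete_within_dir(string $baseDir, string $candidate): bool
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return false; // base directory must exist
    }
    // Interpret the user-supplied value relative to the base directory.
    // realpath() collapses ".." segments and follows symlinks.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . ltrim($candidate, '/\\'));
    if ($resolved === false || !is_file($resolved)) {
        return false; // missing target, or not a regular file
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "uploads-old" does not pass as being inside "uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return false; // resolved path escapes the allowed directory
    }
    return unlink($resolved);
}

// Constructed layout: a stand-in wp-config.php one level above "uploads".
$root = sys_get_temp_dir() . '/um-demo-' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/wp-config.php", "<?php // constructed stand-in\n");
file_put_contents("$root/uploads/avatar.png", 'constructed');

$cases = ['avatar.png', '../wp-config.php', 'uploads/../../wp-config.php'];
foreach ($cases as $path) {
    printf("%-30s deleted=%s\n", $path,
        var_export(delete_within_dir("$root/uploads", $path), true));
}
printf("stand-in config still present: %s\n",
    var_export(file_exists("$root/wp-config.php"), true));

// Clean up the constructed files.
unlink("$root/wp-config.php");
rmdir("$root/uploads");
rmdir($root);
```

WordPress core ships `wp_delete_file_from_directory()`, which applies the same kind of containment check and is the usual choice inside a plugin.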

Impact

Successful exploitation allows authenticated users with Subscriber-level access or higher to delete arbitrary files on the server, potentially leading to remote code execution.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can use the 'postInsertUserProcess' function to upload a file. The insufficient validation allows for path traversal, enabling the deletion of arbitrary files, including sensitive ones like 'wp-config.php'.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.

Added: Sep 11, 2025, 8:41 AM
Updated: Sep 11, 2025, 8:41 AM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 10.0
exploitability: 6.4
remediation: 0.0
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.