WordPress User Meta Lite and Pro plugin versions 2.4.3 and below suffer from a path traversal vulnerability.