The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration data.
View the template here CVE-2024-33575.yaml
References:
https://patchstack.com/database/vulnerability/user-meta/wordpress-user-meta-plugin-3-0-sensitive-data-exposure-vulnerability?_s_id=cve