The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address
Metrics
Affected Vendors & Products
References
History
Fri, 06 Sep 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ayecode
Ayecode userswp |
|
CPEs | cpe:2.3:a:ayecode:userswp:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ayecode
Ayecode userswp |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-08-03T06:00:05.955Z
Updated: 2024-09-06T16:33:26.912Z
Reserved: 2024-07-03T13:46:37.057Z
Link: CVE-2024-6477
Vulnrichment
Updated: 2024-08-08T20:42:53.247Z
NVD
Status : Awaiting Analysis
Published: 2024-08-03T06:16:29.427
Modified: 2024-09-06T17:35:19.087
Link: CVE-2024-6477
Redhat
No data.