{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6477", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-07-03T13:46:37.057Z", "datePublished": "2024-08-03T06:00:05.955Z", "dateUpdated": "2025-08-27T12:00:49.772Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-08-27T12:00:49.772Z"}, "title": "UsersWP < 1.2.12 - Users Information Disclosure", "problemTypes": [{"descriptions": [{"description": "CWE-340 Generation of Predictable Numbers or Identifiers", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "UsersWP", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "1.2.12"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address"}], "references": [{"url": "https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Majdeddine Ben Hadj Brahim", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"affected": [{"vendor": "ayecode", "product": "userswp", "cpes": ["cpe:2.3:a:ayecode:userswp:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.2.12", "versionType": "semver"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-05T15:55:58.473168Z", "id": "CVE-2024-6477", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T16:33:26.912Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-6477", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-05T15:55:58.473168Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ayecode:userswp:*:*:*:*:*:*:*:*"], "vendor": "ayecode", "product": "userswp", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.12", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T20:42:53.247Z"}}], "cna": {"title": "UsersWP < 1.2.12 - Users Information Disclosure", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Majdeddine Ben Hadj Brahim"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "UsersWP", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.12", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-340 Generation of Predictable Numbers or Identifiers"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-08-27T12:00:49.772Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6477", "state": "PUBLISHED", "dateUpdated": "2025-08-27T12:00:49.772Z", "dateReserved": "2024-07-03T13:46:37.057Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-08-03T06:00:05.955Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ayecode:userswp:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4A08886D-1258-4225-AA23-DF654B43FFB0", "versionEndExcluding": "1.2.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address"}, {"lang": "es", "value": "El complemento UsersWP de WordPress anterior a 1.2.12 usa nombres de archivos predecibles cuando un administrador genera una exportaci\u00f3n, lo que podr\u00eda permitir a atacantes no autenticados descargarlos y recuperar informaci\u00f3n confidencial como IP, nombre de usuario y direcci\u00f3n de correo electr\u00f3nico."}], "id": "CVE-2024-6477", "lastModified": "2025-08-22T09:15:33.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-03T06:16:29.427", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}