The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address.
History

Fri, 06 Sep 2024 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Ayecode; Ayecode userswp |
| CPEs | | cpe:2.3:a:ayecode:userswp:*:*:*:*:*:*:*:* |
| Vendors & Products | | Ayecode; Ayecode userswp |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-08-03T06:00:05.955Z

Updated: 2024-09-06T16:33:26.912Z

Reserved: 2024-07-03T13:46:37.057Z

Link: CVE-2024-6477

Vulnrichment

Updated: 2024-08-08T20:42:53.247Z

NVD

Status: Awaiting Analysis

Published: 2024-08-03T06:16:29.427

Modified: 2024-09-06T17:35:19.087

Link: CVE-2024-6477

Redhat

No data.