← back
CVE-2024-6477

UsersWP < 1.2.12 - Users Information Disclosure

CVSS 7.5 HIGHEPSS 0.6%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
03 Aug 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Unknown · UsersWP