CVE-2024-6477
UsersWP < 1.2.12 - Users Information Disclosure
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
03 Aug 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Unknown · UsersWP