The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address
References
Configurations
No configuration.
History
06 Sep 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
05 Aug 2024, 12:41
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Aug 2024, 06:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-03 06:16
Updated : 2024-09-06 17:35
NVD link : CVE-2024-6477
Mitre link : CVE-2024-6477
CVE.ORG link : CVE-2024-6477
JSON object : View
Products Affected
No product.
CWE
No CWE.