CVE-2024-6477

Published: Aug 3, 2024Modified: Aug 22, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address

Affected (1)

Products: Ayecode: Userswp

Ayecode

1 product

Userswp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ayecode Userswp	Before 1.2.12

References (1)

https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/

Source: contact@wpscan.com

ExploitThird Party Advisory

Timeline

No history available yet.