CVE-2024-6477

{"id": "CVE-2024-6477", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-03T06:16:29.427", "references": [{"url": "https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address"}, {"lang": "es", "value": "El complemento UsersWP de WordPress anterior a 1.2.12 usa nombres de archivos predecibles cuando un administrador genera una exportaci\u00f3n, lo que podr\u00eda permitir a atacantes no autenticados descargarlos y recuperar informaci\u00f3n confidencial como IP, nombre de usuario y direcci\u00f3n de correo electr\u00f3nico."}], "lastModified": "2025-08-22T09:15:33.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ayecode:userswp:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4A08886D-1258-4225-AA23-DF654B43FFB0", "versionEndExcluding": "1.2.12"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}