7.5
CVE-2024-6477
- EPSS 0.58%
- Veröffentlicht 03.08.2024 06:16:29
- Zuletzt bearbeitet 22.08.2025 09:15:33
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
UsersWP < 1.2.12 - Users Information Disclosure
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.11 - Unauthenticated Information Disclosure via Unprotected Directories
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address
Mögliche Gegenmaßnahme
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP: Update to version 1.2.12, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
Version
*-1.2.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.428 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/
https://www.wordfence.com/threat-intel/vulnerabilities/id/d95295ed-4878-414d-be6b-bfb3e9076cca