{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6477","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-07-03T13:46:37.057Z","datePublished":"2024-08-03T06:00:05.955Z","dateUpdated":"2025-08-27T12:00:49.772Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2025-08-27T12:00:49.772Z"},"title":"UsersWP < 1.2.12 - Users Information Disclosure","problemTypes":[{"descriptions":[{"description":"CWE-340 Generation of Predictable Numbers or Identifiers","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"UsersWP","versions":[{"status":"affected","versionType":"semver","version":"0","lessThan":"1.2.12"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address"}],"references":[{"url":"https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Majdeddine Ben Hadj Brahim","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"affected":[{"vendor":"ayecode","product":"userswp","cpes":["cpe:2.3:a:ayecode:userswp:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"0","status":"affected","lessThan":"1.2.12","versionType":"semver"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-08-05T15:55:58.473168Z","id":"CVE-2024-6477","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-06T16:33:26.912Z"}}]}}