UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress, CVE-2024-6477

CVE, Research URL: CVE-2024-6477
Home page URL: Security reports for UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Application: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Published on: Aug 03, 2024
Research Description: The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address
Affected versions: max 1.2.12.
Status: vulnerable

UsersWP &#8211; Front-end login form, User Registration, User Profile &amp; Members Directory plugin for WordPress, CVE-2024-6477