cve/2024/CVE-2024-6477.md

### [CVE-2024-6477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6477)
![](https://img.shields.io/static/v1?label=Product&message=UsersWP&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.12%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen)

### Description

The UsersWP  WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address

### POC

#### Reference
- https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/

#### Github
- https://github.com/20142995/nuclei-templates
Update CVE sources 2024-08-05 18:41 2024-08-05 18:41:32 +00:00			`### [CVE-2024-6477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6477)`
			`![](https://img.shields.io/static/v1?label=Product&message=UsersWP&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.12%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen)`

			`### Description`

			`The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/`

			`#### Github`
Update CVE sources 2024-08-11 18:44 2024-08-11 18:44:53 +00:00			`- https://github.com/20142995/nuclei-templates`
Update CVE sources 2024-08-05 18:41 2024-08-05 18:41:32 +00:00