CVE-2024-6477

Name of the Vulnerable Software and Affected Versions UsersWP WordPress plugin versions prior to 1.2.12

Description The issue allows unauthenticated attackers to download sensitive information, including IP addresses, usernames, and email addresses, due to the use of predictable filenames when an admin generates an export.

Recommendations For versions prior to 1.2.12, update to version 1.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the export functionality until the update is applied.