CVE-2024-12637

Name of the Vulnerable Software and Affected Versions Moving Users plugin for WordPress versions up to and including 1.05

Description The Moving Users plugin for WordPress is vulnerable to sensitive information exposure in its export functionality. This issue arises because JSON files are stored in predictable locations with guessable file names when exporting user data. As a result, unauthenticated attackers could potentially extract sensitive user data, including email addresses, hashed passwords, and IP addresses.

Recommendations For versions up to and including 1.05, consider disabling the export functionality until a patch is available to prevent unauthenticated attackers from extracting sensitive user data. Restrict access to the JSON files stored in predictable locations to minimize the risk of exploitation. Avoid using the export functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.