CVE-2024-12637
CVE-2024-12637
Título es
CVE-2024-12637
Vie, 17/01/2025 – 07:15
Tipo
CWE-200
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-12637
Descripción en
The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user data. This could allow unauthenticated attackers to extract sensitive user data, for instance, email addresses, hashed passwords, and IP addresses.
17/01/2025
17/01/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
5.30
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Referencias
Enviar en el boletín
Off
