Approved changes feed: RSS · Atom

cpe:2.3:a:ayecode:userswp:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAyecode (075372bf-4710-5b02-aa7e-ef70a5044052)
ProductUserswp (bc9d8987-7099-5442-9d3b-490c4687fa00)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/ayecode/userswp purl2cpe 2026-06-01 10:13:12.772928

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-6477 vulnerable 2026-06-08 06:58:19.555367 UsersWP < 1.2.12 - Users Information Disclosure
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address
Published: 2024-08-03T06:00:05.955Z
Updated: 2025-08-27T12:00:49.772Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-43277 vulnerable 2026-06-08 06:45:50.003779 WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15.
Published: 2024-11-01T14:17:32.056Z
Updated: 2026-04-28T16:10:11.755Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-47442 vulnerable 2026-06-08 05:50:40.455910 WordPress UsersWP Plugin <= 1.2.3.9 is vulnerable to CSV Injection
MEDIUM (5.8)
Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9.
Published: 2023-11-07T15:09:29.695Z
Updated: 2026-04-28T16:07:57.522Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.