CVE-2024-43277
WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerabilityMissing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15.
We have discovered 519 live websites that are affected by CVE-2024-43277.
Affected Software
| Product |  Userswp |
| Category | Wordpress Plugins |
| Vulnerable Domains | 519 live websites (15% of Userswp install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 53 versions ( 58% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Nov 1, 2024
- Updated - Nov 5, 2024
Credits
- Ananda Dhakal (Patchstack) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-43277 United States | 157 websites |
 Germany | 50 websites |
 Italy | 40 websites |
 GB | 35 websites |
 Spain | 23 websites |
 Russia | 23 websites |
 France | 21 websites |
 Poland | 20 websites |
 South Africa | 12 websites |
 Canada | 11 websites |
Website Distribution by TLD
Number of websites using CVE-2024-43277| .com | 194 websites |
| .org | 48 websites |
| .it | 27 websites |
| .de | 22 websites |
| .ru | 20 websites |
| .co.uk | 19 websites |
| .pl | 17 websites |
| .net | 15 websites |
| .eu | 9 websites |
| .fr | 8 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-43277
Top websites that are affected by CVE-2024-43277. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **.today | United States | ***,*** | |
| ************.com | United States | ***,*** | |
| *****.org | United States | ***,*** | |
| ******.com |  Cyprus | ***,*** | |
| *****.org |  Belgium | ***,*** | |
| ************.com | Canada | ***,*** | |
| *************.com | United States | ***,*** | |
| ****.ong |  Portugal | ***,*** | |
| *****.com | United States | ***,*** | |
| *************.org | Spain | ***,*** |
FAQ
CVE-2024-43277 is Missing Authorization in Userswp
A total of 519 websites have been identified as vulnerable to CVE-2024-43277, based on global website indexing conducted by WebTechSurvey.
The Userswp is affected by the CVE-2024-43277 vulnerability.
Userswp versions up to and including 1.2.15 are vulnerable to CVE-2024-43277.