CVE-2017-1000226 – Stop User Enumeration plugin <1.3.9 - User Enumeration

https://notcve.org/view.php?id=CVE-2017-1000226

Stop User Enumeration 1.3.8 allows user enumeration via the REST API Stop User Enumeration 1.3.8 permite la enumeración de usuarios mediante la API REST. The Stop User Enumeration plugin for WordPress is vulnerable to User Enumeration in versions up to, and including, 1.3.8. This is due to a flaw that was found in the REST API. This makes it possible for unauthenticated attackers to perform a POST request in the REST API allows simulating different request types. As such, attackers can perform a POST request with the “users” string in the body of the request, and tell the REST API to act like it’s received a GET request. • https://security.dxw.com/advisories/stop-user-enumeration-rest-api • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •