Top Echelon Software: WordPress Users Disclosure (/wp-json/wp/v2/users/)
## Description
Hello Team @top_echelon_software
Information:
Using the REST API, we can see all the WordPress users/authors along with some of their information.
## Steps to Reproduce
You can get the user info by entering the URL below in your browser:
https://www.topechelon.com/wp-json/wp/v2/users/
{F1858903}
## Impact
The authors LTR and LTREditor are disclosed, which creates a scenario for brute-force attacks against these users.
A malicious party could collect the disclosed usernames (and the admin user) and focus a brute-force attack on them, as the usernames are now known.
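
One way to close the users routes to anonymous visitors, shown as an added example that is not part of the original report or the vendor's code: a small WordPress plugin that answers 401 for `/wp/v2/users` unless the request is authenticated. The function name and the error code are hypothetical.

```php
<?php
/**
 * Plugin Name: Restrict REST user listing (added example)
 */

add_filter( 'rest_pre_dispatch', 'example_block_anonymous_user_listing', 10, 3 );

/**
 * Short-circuit REST dispatch for the users routes when nobody is logged in.
 *
 * @param mixed           $result  Response set by an earlier filter, or null.
 * @param WP_REST_Server  $server  REST server instance (unused).
 * @param WP_REST_Request $request Incoming request.
 * @return mixed Unchanged $result, or a WP_Error that core turns into a 401.
 */
function example_block_anonymous_user_listing( $result, $server, $request ) {
    // Respect a response already produced by an earlier filter.
    if ( null !== $result ) {
        return $result;
    }

    // Matches /wp/v2/users and /wp/v2/users/<id>, whether the request came in
    // as /wp-json/wp/v2/users/ or as ?rest_route=/wp/v2/users.
    if ( ! preg_match( '#^/wp/v2/users(/|$)#', $request->get_route() ) ) {
        return $result;
    }

    // Logged-in users keep access; the editor uses this route for author pickers.
    if ( is_user_logged_in() ) {
        return $result;
    }

    // Hypothetical error code; the status makes core send HTTP 401.
    return new WP_Error(
        'example_rest_users_auth_required',
        'Authentication is required to list users.',
        array( 'status' => 401 )
    );
}
```

This only covers the REST route from the report. Author archive URLs and the core users sitemap can expose the same slugs, so review those as well, and pair the change with login rate limiting.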