API Security Blog

Top Echelon Software: WordPress Users Disclosure (/wp-json/wp/v2/users/)

Hello Team @top_echelon_software
Information:
Using the REST API, anyone can list all WordPress users/authors together with some of their profile information.

Steps To Reproduce:
You can retrieve the user information by opening the URL below in your browser:
https://www.topechelon.com/wp-json/wp/v2/users/
{F1858903}

## Impact

Disclosed authors: LTR, LTREditor. With these usernames known, an attacker can mount brute-force attacks against those accounts.

A malicious party could collect the disclosed usernames (including the admin user) and focus a brute-force attack on them, since the usernames are now known.
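A server-side mitigation a site owner could deploy, added here as an example that is not part of the report or of the affected site: a WordPress must-use plugin that wraps the permission callbacks of the core `/wp/v2/users` routes so only callers with the `list_users` capability can read them. The plugin name and file location are assumptions; the hooks and functions used (`rest_endpoints`, `current_user_can`, `WP_Error`, `rest_authorization_required_code`) are standard WordPress APIs.

```php
<?php
/**
 * Plugin Name: Restrict REST user listing
 * Description: Added example (not from the report). Save as
 *              wp-content/mu-plugins/restrict-rest-users.php.
 *
 * By default the core users controller lets unauthenticated callers list
 * every user who has published content. This wraps every handler registered
 * under /wp/v2/users (the collection and the single-user route) and requires
 * the 'list_users' capability before the original permission check runs.
 */
add_filter( 'rest_endpoints', function ( array $endpoints ) {
    foreach ( $endpoints as $route => $handlers ) {
        // Only touch the users routes; leave posts, media, etc. alone.
        if ( strpos( $route, '/wp/v2/users' ) !== 0 ) {
            continue;
        }
        foreach ( $handlers as $index => $handler ) {
            // The route array also carries a string 'namespace' entry;
            // real handlers are arrays with a permission_callback.
            if ( ! is_array( $handler ) || ! array_key_exists( 'permission_callback', $handler ) ) {
                continue;
            }
            $original = $handler['permission_callback'];
            $endpoints[ $route ][ $index ]['permission_callback'] = function ( $request ) use ( $original ) {
                if ( ! current_user_can( 'list_users' ) ) {
                    // 401 for anonymous callers, 403 for logged-in users
                    // without the capability.
                    return new WP_Error(
                        'rest_forbidden',
                        'Listing users requires the list_users capability.',
                        array( 'status' => rest_authorization_required_code() )
                    );
                }
                // Capability satisfied: defer to core's own check.
                return is_callable( $original ) ? call_user_func( $original, $request ) : true;
            };
        }
    }
    return $endpoints;
} );
```

After deploying, an unauthenticated request to `/wp-json/wp/v2/users/` should return a `rest_forbidden` error instead of the user list, while an administrator's authenticated request still works. Note that this only closes the REST route; author archive URLs can still reveal user slugs and need their own handling.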
