[wp-trac] [WordPress Trac] #63441: Exposed Users
WordPress Trac
noreply at wordpress.org
Tue May 13 16:09:24 UTC 2025
#63441: Exposed Users
--------------------------+-----------------------------
Reporter: strahan | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: critical | Keywords:
Focuses: |
--------------------------+-----------------------------
WordPress Exposed Users
Publicly exposed usernames and data make it easier to attempt brute-force
attacks on the platform.
WordPress Exposed Users Via JSON API
This WordPress server has a configuration which provides a public listing
of all WordPress users. This could lead to brute-force, stolen
credentials, phishing and other attacks.
Review the wp-json API location.
Consider disabling the WordPress REST API or installing a security plugin.
WordPress Exposed Users Via Author URL
User enumeration is present on the WordPress server. With user
enumeration, an attacker can retrieve usernames and make it easier to
attempt brute-force attacks on the platform.
Review the specified URL.
Consider disabling user enumeration on your WordPress configuration.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63441>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
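The two enumeration vectors the ticket names can be reproduced and checked with a small script. The following is an added example for this page, not code from the ticket or from WordPress itself. It assumes the REST API is served under `/wp-json/` and that pretty permalinks use the default `/author/<slug>/` base, so that `/?author=N` redirects to the author archive; the sample response body, error body, `Location` header and body-class snippet are constructed inline, and `example.test` is a placeholder host. The `slug` field it reads is the user's `user_nicename`, which by default is derived from the login name but can be changed, so treat it as a probable login rather than a confirmed one.

```python
"""Check a WordPress site for the two user-enumeration vectors in the ticket:
the REST users collection (/wp-json/wp/v2/users) and author-ID redirects
(/?author=N -> /author/<slug>/).  Parsing is separated from network access
so the extraction logic can be exercised offline on constructed samples.

Assumptions (not from the ticket): /wp-json/ base path, /author/<slug>/
permalink base, and that `slug` approximates the login name.
"""
import json
import re
import sys
import urllib.error
import urllib.request
from typing import Dict, List, Optional
from urllib.parse import urljoin

# Matches the author archive path leaked in a redirect Location header.
AUTHOR_PATH_RE = re.compile(r"/author/([^/?#]+)/?", re.IGNORECASE)
# Matches the "author-<nicename>" body class WordPress adds on author archives
# (it also adds "author-<ID>", which is filtered out below).
BODY_CLASS_RE = re.compile(r"\bauthor-([A-Za-z0-9_.-]+)")

# Constructed samples for offline use; shaped like real WordPress responses.
SAMPLE_REST_BODY = json.dumps([
    {"id": 1, "name": "Site Admin", "slug": "admin",
     "link": "https://example.test/author/admin/"},
    {"id": 3, "name": "Jane Editor", "slug": "jane",
     "link": "https://example.test/author/jane/"},
])
SAMPLE_DENIED_BODY = json.dumps({"code": "rest_user_cannot_view",
                                 "message": "Sorry, you are not allowed to list users.",
                                 "data": {"status": 401}})
SAMPLE_LOCATION = "https://example.test/author/admin/"
SAMPLE_AUTHOR_PAGE = '<body class="archive author author-jane author-3">'


def users_from_rest_body(body: str) -> List[Dict]:
    """Extract id/slug/name from a /wp-json/wp/v2/users response body.

    Returns [] when the body is not a JSON list of user objects (e.g. a
    rest_user_cannot_view error or an HTML block page), so "nothing
    enumerable" and "blocked" are handled the same way by callers.
    """
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return []
    if not isinstance(data, list):
        return []
    return [{"id": item.get("id"), "slug": item["slug"], "name": item.get("name")}
            for item in data if isinstance(item, dict) and "slug" in item]


def slug_from_author_redirect(location: Optional[str]) -> Optional[str]:
    """Return the author slug leaked by a /?author=N redirect, if any."""
    if not location:
        return None
    m = AUTHOR_PATH_RE.search(location)
    return m.group(1) if m else None


def slug_from_author_page(html: str) -> Optional[str]:
    """Fallback for sites that render /?author=N directly (200, no redirect):
    read the author-<nicename> body class, skipping the numeric author-<ID>."""
    for m in BODY_CLASS_RE.finditer(html):
        if not m.group(1).isdigit():
            return m.group(1)
    return None


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so the Location header is visible."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url: str, max_author_id: int = 10, timeout: float = 10.0) -> Dict:
    """Live check against a site you are authorised to test."""
    opener = urllib.request.build_opener(_NoRedirect)
    findings: Dict = {"rest_users": [], "author_ids": {}}
    try:
        with opener.open(urljoin(base_url, "/wp-json/wp/v2/users?per_page=100"),
                         timeout=timeout) as resp:
            findings["rest_users"] = users_from_rest_body(
                resp.read().decode("utf-8", "replace"))
    except urllib.error.URLError:
        pass  # 401/403/404, WAF block or unreachable: nothing enumerated this way
    for author_id in range(1, max_author_id + 1):
        url = urljoin(base_url, f"/?author={author_id}")
        try:
            with opener.open(url, timeout=timeout) as resp:  # 200: parse the page
                slug = slug_from_author_page(resp.read().decode("utf-8", "replace"))
        except urllib.error.HTTPError as e:  # 301/302 surface here without following
            slug = slug_from_author_redirect(e.headers.get("Location"))
        except urllib.error.URLError:
            break
        if slug:
            findings["author_ids"][author_id] = slug
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wp_user_enum_check.py https://site.example/")
    print(json.dumps(probe(sys.argv[1]), indent=2))
```

Two caveats worth keeping in mind when reading the results. First, for an unauthenticated request WordPress only includes users who have published posts of a public post type in `wp/v2/users`, so an empty list does not prove that no other accounts exist; the author-ID walk often finds accounts the REST listing omits, and vice versa. Second, an HTTP 401 with `rest_user_cannot_view` or a 403 from a plugin both come back as an empty `rest_users` list here, which is the desired hardened behaviour, so confirm the status code rather than only the parsed output when documenting a finding.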