Vigil@nce - WordPress: bypassing Stop User Enumeration
February 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass Stop User Enumeration of WordPress, in
order to obtain sensitive information.
Impacted products: WordPress Plugins
Creation date: 03/02/2014
DESCRIPTION OF THE VULNERABILITY
The Stop User Enumeration plugin of WordPress prevents a remote
attacker from obtaining the login name of a user who posted a message.
However, an attacker can use HTTP GET queries to obtain login names
from the author number.
An attacker can therefore bypass Stop User Enumeration of
WordPress, in order to obtain sensitive information.
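
A defender-side check for the behaviour described above, as an added example that is not part of the Vigil@nce bulletin or of the plugin's code: it scans web server access logs for clients that received non-error answers for several distinct author numbers. The combined log format, the use of WordPress's `author` query parameter, the constructed sample lines and the `min_ids` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" log format (assumption).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Feb/2014:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"
203.0.113.7 - - [03/Feb/2014:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "-"
203.0.113.7 - - [03/Feb/2014:10:00:03 +0000] "GET /index.php?paged=1&author=3 HTTP/1.1" 200 512 "-" "-"
198.51.100.4 - - [03/Feb/2014:10:05:00 +0000] "GET /?author=1 HTTP/1.1" 403 0 "-" "-"
198.51.100.4 - - [03/Feb/2014:10:05:09 +0000] "GET /2014/02/hello-world/ HTTP/1.1" 200 4096 "-" "-"
"""

# client, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def author_lookups(log_text):
    """Yield (client, author_id, status) for each request with a numeric author parameter."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, _method, target, status = m.groups()
        # parse_qs percent-decodes names and values before the comparison.
        for value in parse_qs(urlsplit(target).query).get("author", []):
            if value.isascii() and value.isdigit():
                yield client, int(value), int(status)


def enumerating_clients(log_text, min_ids=3):
    """Return {client: sorted author ids} for clients that were answered without
    an error status for at least min_ids distinct author numbers."""
    seen = defaultdict(set)
    for client, author_id, status in author_lookups(log_text):
        if status < 400:  # the lookup was not refused by the server
            seen[client].add(author_id)
    return {c: sorted(ids) for c, ids in seen.items() if len(ids) >= min_ids}


if __name__ == "__main__":
    for client, ids in enumerating_clients(SAMPLE_LOG).items():
        print(f"{client} resolved author numbers {ids}")
```

Because the check reads what the server actually answered, it reports author lookups that got through whether or not a filtering plugin was expected to stop them.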