This host is installed with WordPress Stop User Enumeration Plugin and is prone to security bypass vulnerability.

Successful exploitation will allow attacker to enumerate users and get some sensitive information, leads to further attacks. Impact Level: Application

No Solution or patch is available as of 5th February, 2014. Information regarding this issue will be updated once the solution details are available. For updates refer to http://wordpress.org/plugins/stop-user-enumeration

Username enumeration protection for 'author' parameter via POST request is not proper.

WordPress Stop User Enumeration Plugin version 1.2.4, Other versions may also be affected.

Send a crafted data via HTTP POST request and check whether it is able to bypass security restriction or not.

• http://archives.neohapsis.com/archives/fulldisclosure/current/0003.html
• http://seclists.org/fulldisclosure/2014/Feb/3
• http://www.securelist.com/en/advisories/56643

---

Updated on 2017-03-28