WordPress User IDs and User Names Disclosure

Summary
WordPress platforms use a parameter called `author'. This parameter accepts integer values and represents the `User ID' of users in the web site. For example:

http://www.example.com/?author=1

The problems found are:

1. User ID values are generated consecutively.
2. When a valid User ID is found, WordPress redirects to a web page with the name of the author.

These problems trigger the following attack vectors:

1. The query response discloses whether the User ID is enabled.
2. The query response leaks (by redirection) the User Name corresponding with that User ID.
References