Description
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
Remediation
References
Related Vulnerabilities
WordPress Plugin JetWidgets For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.0.8)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.14)
WordPress Plugin Sermon Browser Cross-Site Scripting and SQL Injection Vulnerabilities (0.43)
Oracle Application Server CVE-2006-0283 Vulnerability (CVE-2006-0283)