Description
WordPress includes a REST API that can be used to list the information about the registered users on a WordPress installation. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
Remediation
Install a WordPress plugin such as Stop User Enumeration. Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user names.
References
Related Vulnerabilities
WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.7)
Stack Trace Disclosure (CakePHP)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3664)
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)
WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2)