Description

If permalinks are enabled, in many WordPress installations it is possible to enumerate all the WordPress usernames iterating through the author archives. Whenever a post is published, the username or alias is shown as the author. For example, the URL http://site.com/?author=1 will show all the posts from user id 1. Attackers can abuse this functionality to figure out which usernames are available on the site.

Remediation

You can use an .htaccess rewrite rule to prevent this disclosure but you should also be sure to use nicknames to avoid disclosing usernames. 

# Stop WordPress username enumeration vulnerability
RewriteCond %{REQUEST_URI}  ^/$
RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
RewriteRule ^(.*)$ http://yoursite.com/somepage/? [L,R=301]

References

WordPress Username Enumeration Vulnerability

Exploiting & Remediating WordPress' User Enumeration Vulnerability ...

Related Vulnerabilities

SugarCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3803)

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

Apache Axis2 administration console weak password

WordPress 5.3.x Multiple Vulnerabilities (5.3 - 5.3.6)

Configuration file source code disclosure

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Bruteforce Possible