Nextcloud: WordPress Users Disclosure

2019-06-22T00:04:42
ID H1:625199
Type hackerone
Reporter abay
Modified 2019-07-01T09:32:11

Description

Information: Using the REST API, we can see all the WordPress users/authors with some of their information.

Steps to Reproduce: You can get user info by entering the URL below in your browser: https://nextcloud.com/wp-json/wp/v2/users

Reference: #356047

Impact

Authors: LTR, LTREditor. This can create a scenario for brute-force attacks against these users.
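A detection sketch for the sequence the report describes, added here as an example and not part of the original report or of Nextcloud's code: it flags clients that successfully read the REST users route and then send repeated login POSTs. The log lines are constructed, and the common log format, the `/wp-login.php` login path, the `?rest_route=` form of the route and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access log (common log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:00:01:10 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 1843
203.0.113.7 - - [01/Jan/2024:00:01:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [01/Jan/2024:00:01:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [01/Jan/2024:00:01:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [01/Jan/2024:00:02:00 +0000] "GET /?rest_route=/wp/v2/users HTTP/1.1" 200 1843
198.51.100.20 - - [01/Jan/2024:00:02:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.55 - - [01/Jan/2024:00:03:00 +0000] "GET /blog/ HTTP/1.1" 200 9120
198.51.100.9 - - [01/Jan/2024:00:04:00 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 401 112
198.51.100.9 - - [01/Jan/2024:00:04:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
USERS_ROUTE = re.compile(r"^/wp/v2/users(/\d+)?/?$")

def is_user_listing(target):
    """True for the REST users routes, via /wp-json/ or the ?rest_route= form."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    pretty = path[len("/wp-json"):] if path.startswith("/wp-json/") else ""
    plain = parse_qs(parts.query).get("rest_route", [""])[0]
    return bool(USERS_ROUTE.match(pretty) or USERS_ROUTE.match(plain))

def analyse(log_text, login_threshold=3):
    """Return {ip: counts} for clients that got a 200 from the users route
    and afterwards sent at least login_threshold POSTs to /wp-login.php."""
    listed = defaultdict(int)
    logins_after = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        if method == "GET" and status == "200" and is_user_listing(target):
            listed[ip] += 1
        elif method == "POST" and urlsplit(target).path == "/wp-login.php" and ip in listed:
            logins_after[ip] += 1
    return {ip: {"listing_hits": listed[ip], "login_posts": logins_after[ip]}
            for ip in listed if logins_after[ip] >= login_threshold}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A request answered with 401 is not counted as a listing, so a site that already requires authentication on the route produces no findings from this check.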