7 matches found
Stop User Enumeration WordPress plugin - Authentication Bypass
Stop User Enumeration WordPress plugin 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions, exploit requires crafted URL encoding. id: CVE-2025-4302 info: name: Stop User Enumeration WordPre...
CVE-2025-4302
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302
creationtimestamp| type| source ---|---|--- 2025-07-17 10:43:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lu5qquihgh2w 2025-11-07 17:01:44+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-4302.yaml 2025-11-08...
CVE-2025-4302
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302 Stop User Enumeration < 1.7.3 - Protection Bypass
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302
The CVE-2025-4302 issue affects the Stop User Enumeration WordPress plugin prior to version 1.7.3, where an authentication bypass is possible by URL-encoding the REST API path /wp-json/wp/v2/users/. This bypass defeats the plugin’s user-enumeration protections, and may facilitate brute-force atte...