Lucene search
K

7 matches found

Nuclei
Nuclei
added 9 hours ago25 views

Stop User Enumeration WordPress plugin - Authentication Bypass

Stop User Enumeration WordPress plugin 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions, exploit requires crafted URL encoding. id: CVE-2025-4302 info: name: Stop User Enumeration WordPre...

5.3CVSS5.9AI score0.00847EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/07/19 7:56 a.m.12 views

CVE-2025-4302

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...

5.3CVSS7.2AI score0.00847EPSS
Exploits1References1
Circl
Circl
added 2025/07/17 10:43 a.m.18 views

CVE-2025-4302

creationtimestamp| type| source ---|---|--- 2025-07-17 10:43:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lu5qquihgh2w 2025-11-07 17:01:44+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-4302.yaml 2025-11-08...

5.3CVSS5.7AI score0.00847EPSS
Exploits1References4
NVD
NVD
added 2025/07/17 8:15 a.m.31 views

CVE-2025-4302

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...

5.3CVSS0.00847EPSS
Exploits1References1
OSV
OSV
added 2025/07/17 8:15 a.m.5 views

CVE-2025-4302

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...

5.3CVSS5.8AI score0.00847EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/17 7:37 a.m.5 views

CVE-2025-4302 Stop User Enumeration < 1.7.3 - Protection Bypass

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...

7.1AI score0.00847EPSS
Exploits1References1
CVE
CVE
added 2025/07/17 7:37 a.m.65 views

CVE-2025-4302

The CVE-2025-4302 issue affects the Stop User Enumeration WordPress plugin prior to version 1.7.3, where an authentication bypass is possible by URL-encoding the REST API path /wp-json/wp/v2/users/. This bypass defeats the plugin’s user-enumeration protections, and may facilitate brute-force atte...

5.3CVSS6.6AI score0.00847EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder