Summary
WordPress sites accept a query parameter called 'author'. This parameter takes an integer value and represents the 'User ID' of a user on the web site. For example: http://www.example.com/?author=1
The problems found are:
1. User ID values are generated consecutively.
2. When a valid User ID is found, WordPress redirects to a web page with the name of the author.
These problems enable the following attack vectors:
1. The query response discloses whether the User ID is enabled.
2. The query response leaks (by redirection) the User Name corresponding to that User ID.
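As an added example (not part of the original advisory), the following detection sketch scans web server access logs for clients that walk consecutive 'author' values and records which requests were answered with a redirect, meaning a user name was disclosed. The log lines are constructed samples in combined log format; the function name, the 301/302 check and the threshold of three distinct IDs are assumptions to tune per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 512 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /?author=4 HTTP/1.1" 301 0 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:05:09 +0000] "GET /?p=12&author=abc HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# client IP, request target and status code from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')


def find_author_enumeration(log_text, min_distinct_ids=3):
    """Return {client_ip: {"probed": [...], "leaked": [...]}} for clients that
    requested at least min_distinct_ids different numeric author IDs.
    "leaked" lists the IDs answered with a redirect (user name disclosed)."""
    probed = defaultdict(set)
    leaked = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET/HEAD line in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        for value in parse_qs(urlsplit(target).query).get("author", []):
            if not value.isdecimal():  # the parameter takes integer User IDs
                continue
            uid = int(value)
            probed[ip].add(uid)
            if status in (301, 302):  # assumption: redirect means a valid ID
                leaked[ip].add(uid)
    return {ip: {"probed": sorted(ids), "leaked": sorted(leaked[ip])}
            for ip, ids in probed.items() if len(ids) >= min_distinct_ids}


if __name__ == "__main__":
    for ip, hit in find_author_enumeration(SAMPLE_LOG).items():
        print(ip, "probed", hit["probed"], "redirected (name disclosed)", hit["leaked"])
```

A single request for one author page is normal browsing, so the threshold keeps ordinary visitors such as the second sample client out of the result.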
Classification
CVSS Base Score: 5.8
AV:A/AC:L/Au:N/C:P/I:P/A:P