Summary
WordPress platforms use a parameter called `author'. This parameter accepts integer values and represents the `User ID' of users in the web site. For example: http://www.example.com/?author=1
The problems found are:
1. User ID values are generated consecutively.
2. When a valid User ID is found, WordPress redirects to a web page with the name of the author.
These problems trigger the following attack vectors:
1. The query response discloses whether the User ID is enabled.
2. The query response leaks (by redirection) the User Name corresponding with that User ID.
References