Fullworks: >> Stop User Enumeration Security Vulnerabilities
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.
CVSS Score
5.3
EPSS Score
0.009
Published
2025-07-17
The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-08-21
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
CVSS Score
5.3
EPSS Score
0.004
Published
2017-11-17