Fullworks: Security Vulnerabilities
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.
CVSS Score
5.3
EPSS Score
0.009
Published
2025-07-17
The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack
CVSS Score
6.5
EPSS Score
0.001
Published
2021-11-08
The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-08-21
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
CVSS Score
5.3
EPSS Score
0.004
Published
2017-11-17