This exploit targets WordPress versions prior to 5.3 by leveraging the REST API endpoint `/wp-json/wp/v2/users/` to enumerate user information. It sends a GET request to the endpoint and parses the JSON response to extract user IDs, names, and usernames.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:WordPress < 5.3
No auth needed
Prerequisites:Access to the WordPress REST API endpoint