Information Disclosure: WordPress REST API Users Exposed
Identifier: wordpress_rest_api_users_exposed
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
WordPress REST API user endpoint exposure allows unauthenticated access to user details through /wp/users. An attacker can use it to enumerate valid usernames, which aids reconnaissance for targeted attacks.
How we test: We attempt to access the /wp/users endpoint without authentication and analyze the response to detect whether user details are exposed. We check whether the endpoint returns user information that could be used for enumeration and targeted attacks.
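The following is an added example of the response classification described above, not the scanner's own code. It assumes the standard WordPress route `/wp-json/wp/v2/users` (the text refers to it as `/wp/users`) and the shape of WordPress's public user objects and error envelope; the sample responses are constructed, not captured from any site. Run it with your own site URL as the first argument to check a WordPress installation you operate, or with no argument to see the classification of the constructed samples.

```python
"""Classify an unauthenticated response from the WordPress REST users
endpoint: exposed user objects vs. a hardened (401/403) or disabled (404) route.
Added example, not the scanner's code. Assumes the standard route
/wp-json/wp/v2/users."""
import json
from urllib.error import HTTPError
from urllib.request import Request, urlopen

USERS_ROUTE = "/wp-json/wp/v2/users"  # assumed standard WordPress route

# Fields present on every public WordPress user object; their presence in an
# unauthenticated 200 response is exactly what this finding reports.
USER_FIELDS = {"id", "name", "slug", "link"}


def classify_users_response(status: int, body: str) -> dict:
    """Return {"exposed": bool, "reason": str, "usernames": [slug, ...]}."""
    try:
        data = json.loads(body)
    except ValueError:
        return {"exposed": False, "usernames": [],
                "reason": "non-JSON body (route likely disabled or blocked upstream)"}

    if status == 200 and isinstance(data, list):
        users = [u for u in data if isinstance(u, dict) and USER_FIELDS.issubset(u)]
        if users:
            return {"exposed": True, "usernames": [u["slug"] for u in users],
                    "reason": f"{len(users)} user object(s) returned without authentication"}
        return {"exposed": False, "usernames": [],
                "reason": "route reachable but returned an empty user list"}

    if isinstance(data, dict) and "code" in data:
        # WordPress error envelope, e.g. rest_cannot_access (401/403) or rest_no_route (404)
        return {"exposed": False, "usernames": [],
                "reason": f"WordPress error code {data['code']} (HTTP {status})"}

    return {"exposed": False, "usernames": [],
            "reason": f"unexpected response shape (HTTP {status})"}


def fetch_users_response(site_url: str, timeout: float = 10.0) -> tuple[int, str]:
    """Unauthenticated GET of the users route; hypothetical helper for a site you operate."""
    req = Request(site_url.rstrip("/") + USERS_ROUTE,
                  headers={"Accept": "application/json",
                           "User-Agent": "wp-users-exposure-selfcheck"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except HTTPError as err:  # 401/403/404 still carry a JSON body we want to classify
        return err.code, err.read().decode("utf-8", "replace")


# Constructed sample responses (not captured from any real site).
EXPOSED_BODY = json.dumps([{
    "id": 1, "name": "Site Admin", "url": "", "description": "",
    "link": "https://example.invalid/author/admin/", "slug": "admin",
    "avatar_urls": {}, "meta": [],
}])
HARDENED_BODY = json.dumps({
    "code": "rest_cannot_access",
    "message": "Only authenticated users can access the User endpoint REST API.",
    "data": {"status": 401},
})
DISABLED_BODY = json.dumps({
    "code": "rest_no_route",
    "message": "No route was found matching the URL and request method.",
    "data": {"status": 404},
})

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        status, body = fetch_users_response(sys.argv[1])
        print(classify_users_response(status, body))
    else:
        for status, body in ((200, EXPOSED_BODY), (401, HARDENED_BODY), (404, DISABLED_BODY)):
            print(status, classify_users_response(status, body))
```

The classifier treats only a 200 response containing user objects as a finding; an error envelope such as `rest_cannot_access` or `rest_no_route` means the route is restricted to authenticated users or disabled, which is the expected state after remediation (for example, by unsetting the users routes for anonymous requests in a `rest_endpoints` filter).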
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.