search

User Enumeration

hashtag
API access:

https://<in-scope site>/api/wp/v2/users
https://<in-scope site>/wp-json/wp/v2/users

hashtag
User profile redirection:

https://<in-scope site>/?autor=(1,2,3......)>

Each user is assigned an sequential ID number when the account is created, if a valid ID number is supplied a redirect to the user profile page is triggered. The redirect url will contain the user account name.

PreviousWordpressNextWPScan

Last updated