CVE-2025-4302

Summary

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.

Affected Software

VendorProductVersion RangeStatus
UnknownStop User Enumeration0 < 1.7.3affected

Weaknesses

  • CWE-203 Observable Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References