CVE-2025-4302
Published 2025-07-17
Priority: P3 · 37 · medium · 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EXPLOIT
EPSS: 0.85% (53.4th percentile)
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.
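A defender can look for this pattern in web server logs by decoding each request path before comparing it with the protected endpoint. The following is an added example, not code from this page or from the plugin; the combined log format, the constructed sample lines and the function names are assumptions.

```python
import re
from urllib.parse import unquote

# Endpoint the plugin is meant to protect (from the CVE description).
PROTECTED = "/wp-json/wp/v2/users"
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jul/2025:10:00:01 +0000] "GET /wp-json/wp/v2/users/ HTTP/1.1" 401 120
203.0.113.7 - - [17/Jul/2025:10:00:02 +0000] "GET /wp-json/wp/v2/%75sers/ HTTP/1.1" 200 5120
203.0.113.7 - - [17/Jul/2025:10:00:03 +0000] "GET /wp-json/wp/v2/%2575sers/ HTTP/1.1" 404 90
198.51.100.4 - - [17/Jul/2025:10:00:04 +0000] "GET /wp-json/wp/v2/posts?search=%75sers HTTP/1.1" 200 800
198.51.100.4 - - [17/Jul/2025:10:00:05 +0000] "GET /blog/caf%C3%A9/ HTTP/1.1" 200 3000
"""

def normalize_path(raw_path, max_rounds=3):
    """Percent-decode repeatedly (bounded), collapse slashes, lowercase."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Lowercasing is a conservative choice for detection, not a claim
    # about how the server matches routes.
    return re.sub(r"/{2,}", "/", path).lower()

def is_encoded_users_request(target):
    """True if the path decodes to the users endpoint and was percent-encoded."""
    raw_path = target.split("?", 1)[0]  # ignore the query string
    norm = normalize_path(raw_path)
    hits = norm == PROTECTED or norm.startswith(PROTECTED + "/")
    return hits and "%" in raw_path

def scan(log_text):
    """Return (line_number, target, status) for each suspicious request."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST.search(line)
        if match and is_encoded_users_request(match["target"]):
            findings.append((number, match["target"], int(match["status"])))
    return findings

if __name__ == "__main__":
    for number, target, status in scan(SAMPLE_LOG):
        print(f"line {number}: {target} -> HTTP {status}")
```

A flagged request that received a 200 response is the case to investigate first, since it suggests the restriction was not applied.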
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fullworksplugins | stop_user_enumeration | < 1.7.3 | 1.7.3 |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vendor_redhat · 7.8 HIGH
No detection rules found.
Nuclei
Stop User Enumeration WordPress plugin - Authentication Bypass
nuclei·CVSS 5.3
CVE-2025-4302 [MEDIUM] Stop User Enumeration WordPress plugin - Authentication Bypass
Stop User Enumeration WordPress plugin < 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions. Exploitation requires crafted URL encoding.
Template:
```yaml
id: CVE-2025-4302
info:
  name: Stop User Enumeration WordPress plugin - Authentication Bypass
  author: Kazgangap
  severity: medium
  description: |
    Stop User Enumeration WordPress plugin < 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions, exploit requires crafted URL encoding.
  impact: |
    Attackers can bypass user enumeration protection through URL-encoding manipulation, potent
```
No writeups or analysis indexed.
Published: 2025-07-17