Fullworksplugins Stop User Enumeration vulnerabilities
3 known vulnerabilities affecting fullworksplugins/stop_user_enumeration.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2017-1000226P1MEDIUMCVSS 5.3Exploitedv1.3.82017-11-17
CVE-2017-1000226 [MEDIUM] CWE-200 CVE-2017-1000226: Stop User Enumeration 1.3.8 allows user enumeration via the REST API
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
nvd
CVE-2017-18536P3MEDIUMCVSS 6.1PoCfixed in 1.3.82019-08-21
CVE-2017-18536 [MEDIUM] CWE-79 CVE-2017-18536: The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.
The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.
nvd
CVE-2025-4302P3MEDIUMCVSS 5.3PoCfixed in 1.7.32025-07-17
CVE-2025-4302 [MEDIUM] CWE-203 CVE-2025-4302: The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.
nvd