Comments (1)
Could you please confirm the output of /wp-json/wp/v2/users/?per_page=100&page=1
?
When I do so, with a user on my site with username j@m3s
, WordPress itself tells me that the username is jm3s
, even though to log in I do need the @
character.
By default WordPress doesn't allow @
characters in usernames, so I had to manually edit the username in the DB in order to reproduce this. That said, it doesn't appear to be an issue with WPScan, but rather an issue with the way WP handles usernames with illegal characters in them.
Closing this as I believe it's an issue with WP, not WPScan, but feel free to reopen if I've misunderstood!
from wpscan.
Related Issues (20)
- Is v3.8.25 the latest release? HOT 2
- update database enumeration HOT 1
- Scan Aborted: undefined method `each' for 404:Integer HOT 3
- 404 on https://wpscan.com/howto-find-wordpress-plugin-vulnerabilities-wpscan-ebook.pdf HOT 2
- WordPress v6.4.2 wrongly detected as v6.4.1 resulting in a false positive alert HOT 2
- Cannot create account HOT 3
- I can't see any register form at website. HOT 4
- Scan Aborted: The number of themes detected reached the threshold of 20 which might indicate False Positive. It would be recommended to use the --exclude-content-based option to ignore the bad responses. HOT 1
- Prompt "Do you want to update now?" not printed
- JSON lines
- request time out or no response ERROR
- WordPress v6.4.3 wrongly detected as v6.4.2 resulting in a false positive alert HOT 2
- Error: Server error, try reducing the number of threads. WPSCAN
- Wpscan not following redirect when I set format to json
- False Negative HOT 4
- Using proxy to access target without internet HOT 1
- wpscan --update renders error after upgrade from Ubuntu 20.04 to Ubuntu 22.04. /usr/bin/ruby2.7: bad interpreter: No such file or directory HOT 2
- cannot load such file -- json HOT 5
- WP version detection from query parameters of upgrade.php etc.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wpscan.