CVE-2025-4302: Stop User Enumeration < 1.7.3 - Protection Bypass

Description

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.
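For detection, the useful signal is a request whose raw path does not contain the literal users route but whose percent-decoded path does. The following is an added example, not code from the plugin or from this advisory; it assumes a combined-format access log, and the sample lines, addresses and status codes are constructed.

```python
import re
from urllib.parse import unquote

USERS_ROUTE = "/wp-json/wp/v2/users"  # route named in the advisory
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded paths are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(raw_target):
    """Return 'plain', 'encoded' or None for one request target."""
    raw_path = raw_target.split("?", 1)[0]
    # Lower-casing is a conservative choice: it may over-match, never under-match.
    if USERS_ROUTE in raw_path.lower():
        return "plain"      # literal route, the form the plugin is meant to block
    if USERS_ROUTE in fully_decode(raw_path).lower():
        return "encoded"    # only matches after decoding: worth an alert
    return None

def scan(lines):
    """Return (line_number, request_target) for every encoded hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and classify(match.group(1)) == "encoded":
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 401 120',
    '203.0.113.5 - - [01/Jan/2025:10:00:02 +0000] "GET /wp-json/wp/v2/%75sers HTTP/1.1" 200 843',
    '203.0.113.5 - - [01/Jan/2025:10:00:03 +0000] "GET /wp-json/wp/v2/%2575sers?per_page=5 HTTP/1.1" 404 90',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: encoded request to users route: {target}")
```

The same normalise-then-match order applies to any path-based block rule placed in front of the site, such as a WAF or reverse-proxy rule.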

Classification

CVE ID: CVE-2025-4302

Problem Types

CWE-203 Observable Discrepancy

Affected Products

Vendor: Unknown

Product: Stop User Enumeration

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4302
https://wpscan.com/vulnerability/19f67d6e-4ffe-4126-ac42-fb23c5017a3e

Timeline