WordPress fixed god-mode zero day without disclosing the problem

Anonymous Coward

Re: And...

The WordFence security plugin is able to block this potential hole. Your test above confirms this:-

{"code":"rest_user_cannot_view","message":"Sorry, you are not allowed to list users.","data":{"status":401}}

Not that I want this to sound like a promo for WordFence. While it's undoubtedly useful, it shouldn't be necessary to have it simply to block stuff like this API merely because WordPress itself won't let you do so. Strangely, a third party can manage it, but WordPress themselves can't...?!

Biting the hand that feeds IT © 1998–2021