From a53dae2a769ce03f5938cedc91f3ff88ee4b862e Mon Sep 17 00:00:00 2001
From: Alexander Bridges
Date: Wed, 31 Oct 2018 23:27:00 +0200
Subject: [PATCH] Add /wp-json/wp/v2/users

Add /wp-json/wp/v2/users WP REST API endpoint which exposes sensitive information - list of all WP users, which could be used for brute-force attacks.
---
 Discovery/Web-Content/quickhits.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Discovery/Web-Content/quickhits.txt b/Discovery/Web-Content/quickhits.txt
index 487cfbf2..29f04122 100644
--- a/Discovery/Web-Content/quickhits.txt
+++ b/Discovery/Web-Content/quickhits.txt
@@ -2330,6 +2330,7 @@
 /wp-content/plugins/disqus-comment-system/disqus.php
 /wp-content/plugins/google-sitemap-generator/sitemap-core.php
 /wp-content/uploads/
+/wp-json/wp/v2/users
 /wp-register.php
 /wp.php
 /wp.rar/