Support » Plugin: Stop User Enumeration » Bypass protection with URL-encoded null bytes

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thanks for both the vulnerability and the suggested edit. I hope to be able to make a release shortly

    I am including this in the next release.

    It is only required in the second match.

    The first match is there to allow genuine get calls to author in the admin backend to get through (as when you click on ‘author’ links in posts is uses author in the query string )

    Released

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Bypass protection with URL-encoded null bytes’ is closed to new replies.