I am pretty sure this is some party doing some fishing on my WordPress site, an email from “Cyber Fort”:
Severity: Medium-High
Bug Name: Username Enumeration
Website: https://cog.dog
Affected POC: https://cog.dog/wp-json/wp/v2/users/
Description:
During our comprehensive security assessment, we identified a Username Enumeration vulnerability on your site. This flaw allows attackers to discern valid usernames by analyzing different system responses during login, password reset, or registration processes. Such information significantly aids threat actors in launching targeted brute-force or social engineering attacks, potentially leading to unauthorized account access, data leakage, or account takeover.
I have only one user on this site, it’s my admin account, and the login name is NOT admin, that is merely the “nicename”, so I do not see any vulnerability in what the WordPress API returns for:
https://cog.dog/wp-json/wp/v2/users/
as this does not reveal in any way my admin login name.
amirite?
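One way to check this kind of report against your own site, as an added example that is not part of the original post: compare the fields the users endpoint exposes with the real login name. WordPress derives the nicename (`slug`) from the login by default when an account is created, so the check normalizes both sides before comparing. The sample response, the `example.test` host and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample of what GET /wp-json/wp/v2/users/ returns to an
# unauthenticated client; field names follow the WordPress REST API,
# the values are made up.
SAMPLE_RESPONSE = json.dumps([{
    "id": 1,
    "name": "Site Owner",
    "url": "",
    "description": "",
    "link": "https://example.test/author/admin/",
    "slug": "admin",
    "avatar_urls": {},
    "meta": [],
}])

def normalize(value):
    """Rough approximation (an assumption, not WordPress's own code) of how a
    nicename is derived: lowercase, other character runs collapsed to '-'."""
    return re.sub(r"[^a-z0-9]+", "-", value.lower()).strip("-")

def audit_users_response(body, real_logins):
    """Return (user id, field, login) for each exposed field that matches a
    real login name after normalization."""
    findings = []
    wanted = {normalize(login): login for login in real_logins}
    for user in json.loads(body):
        # The author archive URL ends in the nicename as well.
        author_path = user.get("link", "").rstrip("/").rsplit("/", 1)[-1]
        exposed = {"slug": user.get("slug", ""), "name": user.get("name", ""),
                   "link": author_path}
        for field, value in exposed.items():
            login = wanted.get(normalize(value))
            if login is not None:
                findings.append((user["id"], field, login))
    return findings

if __name__ == "__main__":
    print(audit_users_response(SAMPLE_RESPONSE, ["s3cret-owner"]))  # login differs
    print(audit_users_response(SAMPLE_RESPONSE, ["admin"]))         # login exposed
```

An empty result means none of the exposed fields reveals the login; any tuple names the field to change (nicename or display name) or the reason to restrict the endpoint.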