WordPress has a security vulnerability exposing admin user name and private information that could be used for brute force attacks at login.
Using REST API, we can see all the WordPress users/author with some of their information. Which can even be Personal information of employees/author.
We have made a wordpress plugin to patch this vulnerablity based on the solution posted here
https://hackerone.com/reports/1735586
Download the WordPress plugin zip and activate it.
