Description
Template IDs or paths
wp-user-enum.yaml
Environment
- OS: macos 15.1.1 (24B91)
- Nuclei: v3.3.8
- Go: go version go1.21.5 darwin/arm64
Steps To Reproduce
nuclei -u https://example.com -t template.yaml
It cannot be found when there is no avatar_urls. For example, in this JSON response, the template does not produce any findings.
[
  {
    "id": 3,
    "name": "k4yra",
    "url": "",
    "description": "",
    "link": "https://example.com/author/k4yra/",
    "slug": "k4yra",
    "meta": [],
    "_links": {
      "self": [
        {
          "href": "https://example.com/wp-json/wp/v2/users/3"
        }
      ],
      "collection": [
        {
          "href": "https://example.com/wp-json/wp/v2/users"
        }
      ]
    }
  },
  {
    "id": 4,
    "name": "k4yradev",
    "url": "",
    "description": "",
    "link": "https://example.com/author/k4yradev/",
    "slug": "k4yradev",
    "meta": [],
    "_links": {
      "self": [
        {
          "href": "https://example.com/wp-json/wp/v2/users/4"
        }
      ],
      "collection": [
        {
          "href": "https://example.com/wp-json/wp/v2/users"
        }
      ]
    }
  }
]
Relevant dumped responses
$ nuclei -t nuclei-templates/http/vulnerabilities/wordpress/wp-user-enum.yaml -u https://example.com -debug
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.3.8
projectdiscovery.io
[INF] Current nuclei version: v3.3.8 (latest)
[INF] Current nuclei-templates version: v10.1.2 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 52
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] [wp-user-enum] Dumped HTTP request for https://example.com/wp-json/wp/v2/users/
GET /wp-json/wp/v2/users/ HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.4.22
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
[DBG] [wp-user-enum] Dumped HTTP response https://example.com/wp-json/wp/v2/users/
HTTP/1.1 200 OK
Connection: close
Content-Length: 590
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Allow: GET
Content-Type: application/json; charset=UTF-8
Date: Sat, 25 Jan 2025 13:21:10 GMT
Link: <https://example.com/wp-json/>; rel="https://api.w.org/"
Server: Microsoft-IIS/8.5
Set-Cookie: ApplicationGatewayAffinityCORS=1b50e686dc0ef06f0252172f19cb6c8a; Path=/; SameSite=None; Secure
Set-Cookie: ApplicationGatewayAffinity=1b50e686dc0ef06f0252172f19cb6c8a; Path=/
Vary: Origin
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
X-Robots-Tag: noindex
X-Wp-Total: 2
X-Wp-Totalpages: 1
[{"id":3,"name":"emes","url":"","description":"","link":"https:\/\/example.com\/author\/emes\/","slug":"emes","meta":[],"_links":{"self":[{"href":"https:\/\/example.com\/wp-json\/wp\/v2\/users\/3"}],"collection":[{"href":"https:\/\/example.com\/wp-json\/wp\/v2\/users"}]}},{"id":4,"name":"emesdev","url":"","description":"","link":"https:\/\/example.com\/author\/emesdev\/","slug":"emesdev","meta":[],"_links":{"self":[{"href":"https:\/\/example.com\/wp-json\/wp\/v2\/users\/4"}],"collection":[{"href":"https:\/\/example.com\/wp-json\/wp\/v2\/users"}]}}]
[INF] [wp-user-enum] Dumped HTTP request for https://example.com/?rest_route=/wp/v2/users/
GET /?rest_route=/wp/v2/users/ HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (CentOS; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0
Connection: close
Accept: */*
Accept-Language: en
Cookie: ApplicationGatewayAffinityCORS=1b50e686dc0ef06f0252172f19cb6c8a; ApplicationGatewayAffinity=1b50e686dc0ef06f0252172f19cb6c8a
Accept-Encoding: gzip
[DBG] [wp-user-enum] Dumped HTTP response https://example.com/?rest_route=/wp/v2/users/
HTTP/1.1 200 OK
Connection: close
Content-Length: 590
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Allow: GET
Content-Type: application/json; charset=UTF-8
Date: Sat, 25 Jan 2025 13:21:11 GMT
Link: <https://example.com/wp-json/>; rel="https://api.w.org/"
Server: Microsoft-IIS/8.5
Vary: Origin
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
X-Robots-Tag: noindex
X-Wp-Total: 2
X-Wp-Totalpages: 1
[{"id":3,"name":"emes","url":"","description":"","link":"https:\/\/example.com\/author\/emes\/","slug":"emes","meta":[],"_links":{"self":[{"href":"https:\/\/example.com\/wp-json\/wp\/v2\/users\/3"}],"collection":[{"href":"https:\/\/example.com\/wp-json\/wp\/v2\/users"}]}},{"id":4,"name":"emesdev","url":"","description":"","link":"https:\/\/example.com\/author\/emesdev\/","slug":"emesdev","meta":[],"_links":{"self":[{"href":"https:\/\/example.com\/wp-json\/wp\/v2\/users\/4"}],"collection":[{"href":"https:\/\/example.com\/wp-json\/wp\/v2\/users"}]}}]
[INF] No results found. Better luck next time!
Anything else?
avatar_urls should be removed
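
The false negative reported above, as an added example that is not part of the original issue or the project's template: a check that depends on `avatar_urls` misses the response, while a structural check on the user objects still flags the exposed listing. The keyword list in `avatar_keyword_match`, the helper names and the sample bodies are assumptions constructed for illustration.

```python
import json

def _user(uid, slug, extra=None):
    """Build a constructed user object shaped like the one in the report."""
    u = {"id": uid, "name": slug, "url": "", "description": "",
         "link": f"https://example.com/author/{slug}/", "slug": slug, "meta": [],
         "_links": {"self": [{"href": f"https://example.com/wp-json/wp/v2/users/{uid}"}]}}
    u.update(extra or {})
    return u

# Constructed sample bodies: avatars absent, avatars present, access denied.
BODY_NO_AVATAR = json.dumps([_user(3, "k4yra"), _user(4, "k4yradev")])
BODY_WITH_AVATAR = json.dumps(
    [_user(3, "k4yra", {"avatar_urls": {"24": "https://example.com/a.png"}})])
BODY_DENIED = json.dumps({"code": "rest_forbidden", "message": "denied",
                          "data": {"status": 401}})

def avatar_keyword_match(body):
    """Hypothetical word matcher that requires avatar_urls (assumed, models the report)."""
    return all(w in body for w in ('"id":', '"name":', '"avatar_urls":'))

def exposed_users(body, content_type="application/json; charset=UTF-8"):
    """Return (id, slug, name) per user object, whether or not avatars are present."""
    if "application/json" not in content_type.lower():
        return []
    try:
        data = json.loads(body)
    except ValueError:
        return []
    if not isinstance(data, list):
        return []  # REST error bodies are objects, not arrays
    users = []
    for item in data:
        if not isinstance(item, dict):
            continue
        uid, slug, name = item.get("id"), item.get("slug"), item.get("name")
        links = item.get("_links")
        self_links = links.get("self") if isinstance(links, dict) else None
        # Require a self link on the users route so other collections
        # that also carry id/name/slug are not counted as users.
        on_users_route = isinstance(self_links, list) and any(
            isinstance(l, dict) and "/wp/v2/users/" in str(l.get("href", ""))
            for l in self_links)
        if (type(uid) is int and isinstance(slug, str) and slug
                and isinstance(name, str) and on_users_route):
            users.append((uid, slug, name))
    return users
```
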