From dbfa5e2b1e3c6ecfe856cc251d274298308a4d0f Mon Sep 17 00:00:00 2001
From: Alexander Bridges <a.yakovlev911@gmail.com>
Date: Wed, 31 Oct 2018 23:19:31 +0200
Subject: [PATCH 1/2] Add some WP rest API endpoints

reference: http://v2.wp-api.org/
---
 Discovery/Web-Content/CMS/wordpress.fuzz.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Discovery/Web-Content/CMS/wordpress.fuzz.txt b/Discovery/Web-Content/CMS/wordpress.fuzz.txt
index 70d9e6c..d1776eb 100644
--- a/Discovery/Web-Content/CMS/wordpress.fuzz.txt
+++ b/Discovery/Web-Content/CMS/wordpress.fuzz.txt
@@ -858,6 +858,9 @@ wp-includes/widgets.php
 wp-includes/wlwmanifest.xml
 wp-includes/wp-db.php
 wp-includes/wp-diff.php
+wp-json/
+wp-json/wp/v2/posts
+wp-json/wp/v2/users
 wp-links-opml.php
 wp-load.php
 wp-login.php

From a53dae2a769ce03f5938cedc91f3ff88ee4b862e Mon Sep 17 00:00:00 2001
From: Alexander Bridges <a.yakovlev911@gmail.com>
Date: Wed, 31 Oct 2018 23:27:00 +0200
Subject: [PATCH 2/2] Add /wp-json/wp/v2/users

Add /wp-json/wp/v2/users WP REST API endpoint which exposes sensitive information - list of all WP users, which could be used for brute-force attacks.
---
 Discovery/Web-Content/quickhits.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Discovery/Web-Content/quickhits.txt b/Discovery/Web-Content/quickhits.txt
index 487cfbf..29f0412 100644
--- a/Discovery/Web-Content/quickhits.txt
+++ b/Discovery/Web-Content/quickhits.txt
@@ -2330,6 +2330,7 @@
 /wp-content/plugins/disqus-comment-system/disqus.php
 /wp-content/plugins/google-sitemap-generator/sitemap-core.php
 /wp-content/uploads/
+/wp-json/wp/v2/users
 /wp-register.php
 /wp.php
 /wp.rar/