WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
coverage: 85.984% (+0.02%) from 85.966%
when pulling d2841dbf5acd0ef58f4a9b76d4372db4900915b0 on fix/handle-invalid-wp-json-response
into 96b6b81d7813194658cdd8ded7b8834c5e5437af on master.
Fixes #1817
Testing instructions
Add the following code snippet to the WordPress site to simulate an unusual string response from the JSON API.
Run WPScan against the site and try to enumerate users (
-e u
). It should not crash.