🟡 CORS Misconfiguration Leads to Sensitive Exposure
It's possible to get information about registered users (such as ID, name, login name, etc.) without authentication in WordPress via the API.
| Url | Type | Bounty |
|---|---|---|
| https://hackerone.com/reports/1187543 | Sensitive Information | - |
🟡 CORS misconfiguration in TikTok ads portal
A CORS misconfiguration was discovered in the TikTok ads portal that could potentially allow an attacker to obtain the user IDs and usernames of logged-in users.
| Url | Type | Bounty |
|---|---|---|
| https://hackerone.com/reports/1187543 | Sensitive Information | - |
🟡 CORS Misconfiguration and API access
It's possible to get information about registered users (such as ID, name, login name, etc.) without authentication in WordPress via the API.
| Url | Type | Bounty |
|---|---|---|
| https://r0b0ts.medium.com/my-first-bug-bounty-cors-misconfiguration-3e6f38835c4e | Sensitive Information | - |