WordPress Username Exposure via Sitemap on Payapps.com | Bug Bounty
Hello, fellow cyber defenders! In today’s post, we’re diving into a low-hanging-fruit vulnerability that often gets overlooked — but can have serious consequences if left unpatched. A WordPress misconfiguration was spotted on Payapps.com, where the site’s author-sitemap.xml file was publicly available. This exposed internal usernames, making it easier for attackers to conduct brute-force login attacks or craft phishing emails targeting employees.
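For site owners who want to check their own exposure, here is an added example (not code from the original report) that parses an author sitemap and reports which account login names appear in it as author slugs. The sample sitemap, the example.com URLs, the login list and the simplified slug rule are all constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SITEMAP_NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}

# Constructed sample of an author-sitemap.xml body (not taken from any real site).
SAMPLE_SITEMAP = """
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/author/jsmith/</loc></url>
  <url><loc>https://example.com/author/site-admin/</loc></url>
  <url><loc>https://example.com/author/editorial-team/</loc></url>
</urlset>
"""


def author_slugs(sitemap_xml):
    """Return the author archive slugs listed in a sitemap document."""
    root = ET.fromstring(sitemap_xml.strip())
    slugs = []
    for loc in root.findall("sm:url/sm:loc", SITEMAP_NS):
        path = urlparse((loc.text or "").strip()).path
        parts = [p for p in path.split("/") if p]
        # WordPress author archives live under /author/<slug>/
        if "author" in parts[:-1]:
            slugs.append(parts[parts.index("author") + 1])
    return slugs


def slugify(login_name):
    """Simplified approximation of how a login name becomes a URL slug."""
    return re.sub(r"[^a-z0-9]+", "-", login_name.lower()).strip("-")


def exposed_logins(sitemap_xml, login_names):
    """Return the login names whose slug form is published in the sitemap."""
    listed = {slug.lower() for slug in author_slugs(sitemap_xml)}
    return sorted(name for name in login_names if slugify(name) in listed)


if __name__ == "__main__":
    # Constructed list of real account logins, as an admin would export it.
    logins = ["jsmith", "Site Admin", "backup-svc"]
    for name in exposed_logins(SAMPLE_SITEMAP, logins):
        print(f"login name visible in author sitemap: {name}")
```

Any login reported here is one where the public slug matches the login name. Those accounts are the ones to review first when deciding whether to drop the author sitemap or separate public author slugs from login names.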