# If you report a successful coordinated vulnerability disclosure, we'll give you credit here.
#########
# Vulnerability Report #1:
# Vulnerability Report date: 20231212
# Vulnerability Name: WordPress Users Disclosure (/wp-json/wp/v2/users/)
# Vulnerable URL: https://eerlijkdigitaalonderwijs.nl/wp-json/wp/v2/users
# Description: Using the REST API, we can see all the WordPress users/authors with some of their information.
# Steps to Reproduce:
#   Navigate to the given URL: https://eerlijkdigitaalonderwijs.nl/wp-json/wp/v2/users
#   You will be able to see all the details of the WordPress users.
# Solution:
#   Installed the plugin: https://nl.wordpress.org/plugins/disable-json-api/
# Reported by:
#   Vikas Anand (kingcoolvikas)
# Thank you for reporting this!
#########
# Vulnerability Report #2:
# Vulnerability Report date: 20240513
# Vulnerability Name: 2FA bypass
# Vulnerable URL: https://eerlijkdigitaalonderwijs.nl/wp-login.php
# Description:
# Steps to Reproduce:
#   1. Go to https://eerlijkdigitaalonderwijs.nl/wp-login.php and log in to your account.
#   2. Now set up 2FA in your account settings.
#   3. Now log out of your account.
#   4. Now go to login, enter your credentials, and it will ask you to enter the 2FA code.
#   5. Now turn on your Burp intercept (proxy tool), enter the 2FA code, and capture the 2FA HTTP request.
#   6. Now send the HTTP request to the Burp Intruder tab.
#   7. Now start brute-forcing the 2FA code, and you will see success after a successful brute-force.
# Solution:
#   Updated the WP 2FA plugin
# Reported by:
#   Khurana Shivangi
# Thank you for reporting this!
#########
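# Worked example for Report #1, added here and not part of the original page or the site's own tooling. It shows what an anonymous caller learns from the /wp-json/wp/v2/users listing (the `slug` field is the login-name candidate an attacker takes to wp-login.php) and how a checker tells an open route from a closed one. The sample responses, the example.invalid hostname and the user names are constructed; `check_site` is the only part that touches the network and is not exercised by the samples.

```python
"""Added example (not part of the page or the site's own tooling): what an
anonymous caller learns from a WordPress /wp-json/wp/v2/users listing, and
how to tell an open endpoint from one that has been closed off."""
from __future__ import annotations

import json
from urllib.parse import urljoin

USERS_ROUTE = "wp-json/wp/v2/users"


def users_url(site: str) -> str:
    """Enumeration URL for a site; per_page=100 is the largest page WP allows."""
    return urljoin(site.rstrip("/") + "/", USERS_ROUTE) + "?per_page=100"


def disclosed_usernames(status: int, body: str) -> list[str]:
    """Login-name candidates readable without authentication.

    A user object's `slug` is WordPress's user_nicename, which by default is
    derived from the login name, so it is the value an attacker pairs with a
    password list at wp-login.php. Anything other than a 200 with a JSON list
    means the route is closed (a 401/403 error object instead of a list).
    """
    if status != 200:
        return []
    try:
        data = json.loads(body)
    except ValueError:
        return []
    if not isinstance(data, list):
        return []
    return [u["slug"] for u in data
            if isinstance(u, dict) and isinstance(u.get("slug"), str)]


def check_site(site: str, timeout: float = 10.0) -> list[str]:
    """Live check against a site you are authorised to test (needs network)."""
    import urllib.error
    import urllib.request

    req = urllib.request.Request(users_url(site),
                                 headers={"User-Agent": "rest-users-audit/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return disclosed_usernames(resp.status,
                                       resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return disclosed_usernames(err.code, err.read().decode("utf-8", "replace"))


# Constructed samples (invented values) of the two responses the checker sees.
SAMPLE_OPEN = (200, json.dumps([
    {"id": 1, "name": "Site Admin", "slug": "admin",
     "link": "https://example.invalid/author/admin/"},
    {"id": 7, "name": "Jan de Vries", "slug": "jdevries",
     "link": "https://example.invalid/author/jdevries/"},
]))
SAMPLE_CLOSED = (401, json.dumps(
    {"code": "rest_forbidden",
     "message": "Only authenticated users can access the REST API.",
     "data": {"status": 401}}))


if __name__ == "__main__":
    for label, (status, body) in (("before fix", SAMPLE_OPEN),
                                  ("after fix", SAMPLE_CLOSED)):
        print(label, "->", disclosed_usernames(status, body) or "nothing disclosed")
```

# Run it against the constructed samples to see the before/after difference; `check_site("https://your-site.example")` performs the same check live. Disabling the REST API for anonymous callers (as the installed plugin does) closes this route; a finer-grained alternative is to keep the API but deny only the users route to unauthenticated requests.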
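# Worked example for Report #2, added here; it is not code from the WP 2FA plugin or from the site. A six-digit TOTP has only 10^6 values, so a prompt that accepts unlimited guesses falls to the Intruder run in step 7. The block below contains a stand-alone RFC 6238 TOTP generator, a verifier that counts failures per user and locks the account after a fixed number of bad codes, and a simulation of the sequential brute force against both an unthrottled and a throttled prompt. The attempt limit, the lockout length, the demo secret and the user name are assumed values chosen for the illustration.

```python
"""Added example, not code from the WP 2FA plugin or the site: a TOTP verifier
with attempt limiting, plus a simulation of the Intruder-style brute force
from Report #2 against an unthrottled and a throttled prompt."""
from __future__ import annotations

import hashlib
import hmac
import struct
import time

# Assumed policy values for the illustration; tune to your own risk appetite.
MAX_ATTEMPTS = 5            # failed codes allowed before the account is locked
LOCKOUT_SECONDS = 15 * 60   # how long the lock lasts


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, included so the demo runs stand-alone."""
    counter = int(unix_time // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


class TwoFactorVerifier:
    """Second-factor check that counts failures per user and locks the user out.

    `now` is passed in explicitly so the lockout clock is testable; a real
    plugin would use the server clock and persist the counters (user meta or
    a transient) so they survive across requests and across PHP workers.
    """

    def __init__(self, secrets: dict[str, bytes],
                 max_attempts: int = MAX_ATTEMPTS,
                 lockout: int = LOCKOUT_SECONDS) -> None:
        self.secrets = secrets
        self.max_attempts = max_attempts
        self.lockout = lockout
        self.failures: dict[str, int] = {}
        self.locked_until: dict[str, float] = {}

    def verify(self, user: str, code: str, now: float) -> str:
        """Return "ok", "bad_code" or "locked" for one submitted code."""
        if self.locked_until.get(user, 0.0) > now:
            return "locked"                     # refuse even a correct code
        secret = self.secrets[user]
        # Accept the current and the previous 30 s window for clock drift.
        candidates = [totp(secret, now), totp(secret, now - 30)]
        # Constant-time comparison so response timing does not leak digits.
        if any(hmac.compare_digest(c.encode(), code.encode()) for c in candidates):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_attempts:
            self.failures.pop(user, None)
            self.locked_until[user] = now + self.lockout
            return "locked"
        return "bad_code"


def brute_force(verifier: TwoFactorVerifier, user: str, now: float,
                start: int = 0, limit: int = 1_000_000) -> tuple[str, int]:
    """Submit 6-digit codes in order, as Intruder does in step 7.

    Returns (outcome, attempts). Against an unthrottled prompt the outcome is
    "ok" once the right code comes up; against a throttled one it is "locked"
    after the attempt limit is reached.
    """
    for n in range(start, limit):
        outcome = verifier.verify(user, f"{n:06d}", now)
        if outcome in ("ok", "locked"):
            return outcome, n - start + 1
    return "exhausted", limit - start


SECRET = b"constructed-demo-secret-not-real"   # constructed sample secret


if __name__ == "__main__":
    now = time.time()
    # Unthrottled prompt: the attacker wins after at most 10**6 requests.
    open_prompt = TwoFactorVerifier({"alice": SECRET}, max_attempts=10**7)
    print("unthrottled:", brute_force(open_prompt, "alice", now))
    # Throttled prompt: five guesses, then a 15 minute lockout.
    print("throttled:  ", brute_force(TwoFactorVerifier({"alice": SECRET}), "alice", now))
```

# The unthrottled run can take a few seconds because it really does walk the code space; the throttled run stops at the fifth guess. Lockout is the simplest countermeasure; a deployed plugin should also rate-limit per source IP, keep the counter server-side rather than in the session, and log lockouts so the SOC sees the attempt.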