User Information Disclosure via REST API

Hello, REST-API, allows anonymous access to functionality that allows a hacker to list all users who have published a post on a WordPress site. Unfortunately, this generally includes the admin account POC: https://owncloud.com/wp-json/wp/v2/users/ https://owncloud.com/wp-json/wp/v2/users/1/ Kind Regards, Alex.