SCG CMS Wordpress

Summary
WordPress started in 2003 with a single bit of code to enhance the typography of everyday writing and with fewer users than you can count on your fingers and toes. Since then it has grown to be the largest self-hosted blogging tool in the world, used on millions of sites and seen by tens of millions of people every day. WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time.

Description
%ProductName% allows unauthorized attacker to list all users of the system ...

// Detailed description of the impact. Is it enabled by default? Vulnerable versions.

How to test
In order to test for %Misconfiguration_1%, one should ...

// Proof-of-concept here. Please include the screenshots and widely known tools/scanners!

Remediation
Initial/common value of parameter "listUsers" from config.xml is set to "true".

To assess the vulnerability it is enough to change the value to false:

false

 To be filled in in accordance to the template, some useful links: 

http://codex.wordpress.org/Hardening_WordPress (consider writing only real security risks with good examples)

https://github.com/anantshri/wp-security (extract samples from here. keep them as code sections either for a plugin or for a theme functions.php, .htaccess or nginx config file)