diff --git a/CHANGELOG b/CHANGELOG
index 332b4334b..ae5ef412a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,9 @@ o [NSE][GH#1665] The HTTP library no longer crashes when code requests digest authentication but the server does not provide the necessary authentication header. [nnposter]
+o [NSE] Fixed a bug in http-wordpress-users.nse that could cause
+ extraneous output to be captured as part of a username. [Duarte Silva]
+
 Nmap 7.80 [2019-08-10] o [Windows] The Npcap Windows packet capturing library (https://npcap.org/)
diff --git a/scripts/http-wordpress-users.nse b/scripts/http-wordpress-users.nse
index 1f6a5e748..30b8270c2 100644
--- a/scripts/http-wordpress-users.nse
+++ b/scripts/http-wordpress-users.nse
@@ -64,7 +64,7 @@ local function get_wp_user(host, port, path, id)
 elseif req.status == 200 then
 -- Users with no posts get a 200 response, but the name is in an RSS link.
 -- http://seclists.org/nmap-dev/2011/q3/812
- local _, _, user = string.find(req.body, 'https?://.-/author/(.-)/feed/')
+ local _, _, user = string.find(req.body, 'https?://.-/author/([^/]+)/feed/')
 return user
 end
 end
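Review bot: The new capture `([^/]+)` on the changed `string.find` line in `get_wp_user` still accepts every byte except `/`, so quotes, whitespace, newlines or markup that the server places between `/author/` and `/feed/` can still be returned as part of the username. The lazy `.-` before `/author/` is also unbounded, so the match can start at an unrelated earlier URL and run across other text to a later `/author/` link. Because `req.body` is controlled by the scanned server, a tighter class on both parts would be safer, for example `local _, _, user = string.find(req.body, 'https?://[^%s"\'<>]-/author/([^/%s"\'<>]+)/feed/')`, which still allows a sub-directory install in the prefix. The function starts and ends outside the hunk, so how the returned `user` is used or printed is not visible here.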