Wordpress : Security Vulnerabilities, CVEs, Published In 2018 (Information Leak)
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
Max CVSS
7.5
EPSS Score
1.03%
Published
2018-12-14
Updated
2019-03-04
1 vulnerabilities found