User Activation Page Information Disclosure Vulnerability

User Activation Page Information Disclosure Vulnerability

CVE-2018-20151 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.

Learn more about our Wordpress Pen Testing.