PT-2017-13807 · Debian+1 · Debian+1

Tomdxw · Published 2017-10-02 · Updated 2019-10-03 · CVE-2017-14990

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

WordPress version 4.8.2
Debian Linux (affected versions not specified)

Description

The issue allows remote attackers to potentially hijack unactivated user accounts by leveraging database read access, such as through an unspecified SQL injection vulnerability. This is because WordPress stores wp_signups.activation_key values in cleartext, unlike the hashed wp_users.user_activation_key values.

Recommendations

For WordPress version 4.8.2, consider updating to a newer version that addresses this issue. For Debian Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
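
The difference the description draws between a cleartext and a hashed activation key, as an added example that is not WordPress code. The table is a constructed SQLite stand-in, the function names are hypothetical, and SHA-256 is an assumption made for this sketch, not the scheme WordPress uses for wp_users.user_activation_key.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed stand-in for the signups table; only the two columns needed here.
SCHEMA = "CREATE TABLE signups (user_login TEXT PRIMARY KEY, activation_key TEXT)"


def key_digest(key: str) -> str:
    """SHA-256 of a high-entropy random key; a slow password hash is not needed."""
    return hashlib.sha256(key.encode()).hexdigest()


def create_signup(db, login: str, hashed: bool) -> str:
    """Insert a pending signup and return the key that is e-mailed to the user."""
    key = secrets.token_hex(16)
    stored = key_digest(key) if hashed else key  # hashed=False is the weak pattern
    db.execute("INSERT INTO signups VALUES (?, ?)", (login, stored))
    return key


def activate(db, presented_key: str, hashed: bool):
    """Return the login activated by presented_key, or None if no row matches."""
    candidate = key_digest(presented_key) if hashed else presented_key
    for login, stored in db.execute("SELECT user_login, activation_key FROM signups"):
        if hmac.compare_digest(stored, candidate):  # constant-time comparison
            db.execute("DELETE FROM signups WHERE user_login = ?", (login,))
            return login
    return None


def leaked_column_activates(hashed: bool) -> bool:
    """Model read-only disclosure: can the stored column value activate the account?"""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    mailed_key = create_signup(db, "pending_user", hashed)
    (stored,) = db.execute("SELECT activation_key FROM signups").fetchone()
    if activate(db, stored, hashed) is not None:
        return True
    # The legitimate key from the e-mail must still work after the failed attempt.
    assert activate(db, mailed_key, hashed) == "pending_user"
    return False


if __name__ == "__main__":
    print("cleartext column usable after disclosure:", leaked_column_activates(False))
    print("hashed column usable after disclosure:", leaked_column_activates(True))
```

With the digest stored, a value read from the column is no longer the secret the activation step expects, so database read access alone does not yield a usable key.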

Exploit

Cleartext Storage of Sensitive Information


Weakness Enumeration

Related Identifiers

CVE-2017-14990
DSA-3997-1

Affected Products

Debian
WordPress