Tomdxw

**Name of the Vulnerable Software and Affected Versions** WordPress version 4.8.2 debian linux (affected versions not specified) **Description** The issue allows remote attackers to potentially hijack unactivated user accounts by leveraging database read access, such as through an unspecified SQL injection vulnerability. This is because WordPress stores `wp signups.activation key` values in cleartext, unlike the hashed `wp users.user activation key` values. **Recommendations** For WordPress version 4.8.2, consider updating to a newer version that addresses this issue. For debian linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.