PT-2018-15272 · WordPress · WordPress

Sam Thomas · Published 2018-12-14 · Updated 2019-03-04 · CVE-2018-20151

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WordPress versions prior to 4.9.9
WordPress versions 5.x prior to 5.0.1

Description

The user-activation page could be accessed by a search engine's web crawler under certain configurations, potentially allowing the search engine to index and display a user's e-mail address and, in rare cases, the default-generated password.

Recommendations

For WordPress versions prior to 4.9.9, update to version 4.9.9 or later.
For WordPress versions 5.x prior to 5.0.1, update to version 5.0.1 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-20151
DLA-1673-1
DSA-4401-1

Affected Products

WordPress