Описание
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
Ссылки
- Third Party AdvisoryVDB Entry
- ProductVendor Advisory
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
- Third Party Advisory
- Press/Media CoverageThird Party Advisory
- Third Party AdvisoryVDB Entry
- ProductVendor Advisory
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
- Third Party Advisory
- Press/Media CoverageThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation pa ...
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
EPSS
7.5 High
CVSS3
5 Medium
CVSS2