Описание
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.8.2+dfsg-2 |
| bionic | not-affected | 4.8.2+dfsg-2 |
| cosmic | not-affected | 4.8.2+dfsg-2 |
| devel | not-affected | 4.8.2+dfsg-2 |
| disco | not-affected | 4.8.2+dfsg-2 |
| eoan | not-affected | 4.8.2+dfsg-2 |
| esm-apps/bionic | not-affected | 4.8.2+dfsg-2 |
| esm-apps/focal | not-affected | 4.8.2+dfsg-2 |
| esm-apps/jammy | not-affected | 4.8.2+dfsg-2 |
| esm-apps/noble | not-affected | 4.8.2+dfsg-2 |
Показывать по
Ссылки на источники
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3