vulnerability
Wordpress: CVE-2018-20151: Information Exposure
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 2018-12-14 | 2019-01-15 | 2024-11-27 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
2018-12-14
Added
2019-01-15
Modified
2024-11-27
Description
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
Solution(s)
wordpress-upgrade-4_9_9wordpress-upgrade-5_0_1

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.