vulnerability

Wordpress: CVE-2018-20151: Information Exposure

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
2018-12-14
Added
2019-01-15
Modified
2024-11-27

Description

In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.

Solution(s)

wordpress-upgrade-4_9_9wordpress-upgrade-5_0_1
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.