QwikSec

Security Database

CVE

CWE

Training

CVE-2018-20151

Published: Dec 14, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://wordpress.org/support/wordpress-version/version-5-0-1/

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/9174

x_refsource_MISC

https://codex.wordpress.org/Version_4.9.9

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/

x_refsource_MISC

[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update

mailing-list

x_refsource_MLIST

https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.