CVE-2018-20151
CVE-2018-20151 affects WordPress prior to 4.9.9 and 5.x prior to 5.0.1. The vulnerability allows a search-engine crawler to access the user activation page under certain configurations, enabling indexing/display of a user’s email address and, rarely, the default-generated password. CVSS data from...