CVE-2017-14990

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).

Published : 2017-10-03 01:29 Updated : 2019-10-03 00:03

4.0
CVSS Score More info
Score 4.0 / 10
4.0
Vendor Product Version URI
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Wordpress Wordpress 4.8.2 cpe:/a:wordpress:wordpress:4.8.2
  1. Wordpress (1) Search CVE
    1. Wordpress (1) Search CVE
      1. 4.8.2
  2. Debian (1) Search CVE
    1. Debian Linux (2) Search CVE
      1. 8.0
      2. 9.0

CWE

ID Name Description Links
CWE-312 Cleartext Storage of Sensitive Information The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. CVE

History of changes

Date Event
2019-10-03 00:03
2019-05-10 20:00
2017-11-10 02:29
2017-10-14 01:29
2017-10-13 20:32
2017-10-03 01:29

New CVE