02 Oct 2017
CVE-2017-14990 - CVE Vulnerability
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). (CVSS:0.0) (Last Update:2017-10-02)
Vulnerability Details : WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). Publish Date : 2017-10-02 Last Update Date : 2017-10-02 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-14990
- References For CVE-2017-14990
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-14990There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |