Description
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Cross-Site Scripting (2.9.17)
WordPress Plugin AW WordPress Yearly Category Archives Unspecified Vulnerability (1.2.1)
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2023-22622)
WordPress Plugin Bold Page Builder Security Bypass (2.3.1)
WordPress Plugin Facebook Opengraph Meta 'all_meta.php' SQL Injection (1.0)