Description
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
Remediation
References
Related Vulnerabilities
copy-me Cross-Site Request Forgery (1.0.0)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8393)
Squid Out-of-bounds Read Vulnerability (CVE-2021-28116)
Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.6.5)
Oracle Database Server CVE-2011-0848 Vulnerability (CVE-2011-0848)