CVE Database · CVE-2017-14990
CVSS v3.1
N/A
EPSS
1.76%
Published
Oct 2, 2017
Modified
May 12, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
Weaknesses (CWE)
Affected Products (3)
References (6)
