cvedb.io
CVE-2017-14990
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2017-10-03T01:29:03.013 · Last modified 2026-06-17T01:07:06.460

Summary

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).

Affected products

wordpress — wordpress

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.