2018-12-14 20:00:00
mitre
PUBLISHED
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engines web crawler if an unusual configuration were chosen. The search engine could then index and display a users e-mail address and (rarely) the password that was generated by default.