Description
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
Remediation
References
Related Vulnerabilities
WordPress Plugin Hover Effects Builder Free Cross-Site Scripting (1.0.3)
WordPress Plugin MetaSlider Cross-Site Scripting (2.6.2)
WordPress Plugin WP Private Content Plus Cross-Site Request Forgery (3.1)
IBM RTC Incorrect Authorization Vulnerability (CVE-2017-1700)
WordPress Plugin WooCommerce Multiple Vulnerabilities (6.2.0)