Description
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP DS FAQ Plus Cross-Site Scripting (1.4.1)
Joomla Session Fixation Vulnerability (CVE-2010-1434)
WordPress Plugin WooCommerce PayPal Checkout Payment Gateway Parameter Tampering (1.6.8)
WordPress Plugin Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1)
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.2.1)