WordPress does not hash or expire wp_signups.activation_key allowing an attacker with SQL injection to create accounts | dxwsecurity Vulnerability

When creating new users with a confirmation email, the key for that confirmation email is stored in plain text, and never expires. This means that when there are users who have been created who haven’t followed the link in their

Share This

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.