If an attacker gains read access, they can query the wp_signups table: SELECT user_login, user_email, activation_key FROM wp_signups WHERE active = 0;
To exploit this, an attacker requires read access to the WordPress database. This access is commonly obtained through: If an attacker gains read access, they can