WordPress is susceptible to privilege escalation attacks. The vulnerability exists due to storing wp_signups.activation_key
values as plaintext in the database. It allows an attacker to hijack an unactivated user account if unauthorized database read access is gained through another attack.