Home

Description

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox.

PUBLISHED Reserved 2026-06-01 | Published 2026-06-22 | Updated 2026-06-22 | Assigner WPScan

Problem types

CWE-326 Inadequate Encryption Strength

Product status

Default status
unaffected

Any version before 3.8.4.10
affected

Credits

Haitam Lazaar finder

WPScan coordinator

References

wpscan.com/...rability/bd3fe1d2-9f21-4b51-9112-2971a25a7e62/ exploit vdb-entry technical-description

cve.org (CVE-2026-10530)

nvd.nist.gov (CVE-2026-10530)

Download JSON