CVE Catalog

CVE-2026-10530

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

The Pie Register WordPress plugin before version 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox.

Risk Assessment

The organization may be exposed to unauthorized account activations, leading to potential security breaches and data loss.

Recommendation

It is recommended to update the Pie Register plugin to version 3.8.4.10 or later to secure the account verification process.

Original NVD description (English source)

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS