CVE-2026-10530
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
The Pie Register WordPress plugin before version 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox.
Risk Assessment
The organization may be exposed to unauthorized account activations, leading to potential security breaches and data loss.
Recommendation
It is recommended to update the Pie Register plugin to version 3.8.4.10 or later to secure the account verification process.
Original NVD description (English source)
The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox.

