CVE-2026-10530 · Symaro Security Advisory

Description

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox.

Weaknesses

— CWE-326 Inadequate Encryption Strength

Affected products

Vendor	Product	Versions
Unknown	Pie Register	0 to <3.8.4.10

References

https://wpscan.com/vulnerability/bd3fe1d2-9f21-4b51-9112-2971a25a7e62/ (exploit vdb-entry technical-description)

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 22 Jun 2026 14:43 UTC.