← back
CVE-2026-10530

Pie Register < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token

CVSS 5.3 MEDIUMEPSS 0.1%
The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
Unknown · Pie Register
public PoCs found1
cve_referencewpscan.com/vulnerability/bd3fe1d2-9f21-4b51-9112-2971a25a7e62/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/bd3fe1d2-9f21-4b51-9112-2971a25a7e62/