CVE-2026-5722 in Pro Pluginالمعلومات

الملخص

بحسب MITRE • 05/05/2026

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible for unauthenticated attackers to authenticate as existing users, including administrators, by obtaining a valid guest verification token for an attacker-controlled email, changing the same guest customer email to the target account email through the public waitlist flow, and then using the original verification link.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Wordfence

حجز

06/04/2026

إفشاء

05/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-361081

CPE

جاهز

CWE

CWE-287 (مؤكد)

CVSS

9.8 (CNA)

EPSS

0.00312

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-5722
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-5722
CVE Details	https://www.cvedetails.com/cve/CVE-2026-5722/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!