CVE-2026-12598
CVE-2026-12598 affects the LoginPress Pro WordPress plugin (≤ 6.2.3) via the Spotify Social Login addon. The vulnerability arises because loginpress_on_spotify_login() trusts the unverified email from Spotify’s /v1/me endpoint and uses that email with get_user_by('email') to identify/login an exi...