Lucene search
K

4 matches found

NVD
NVD
added 6 hours ago4 views

CVE-2026-10830

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added 8 hours ago5 views

CVE-2026-10830 AllCoach < 1.0.2 - Unauthenticated Account Takeover

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...

Exploits0References1
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-41818

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...

8.8CVSS6AI score
Exploits0References1
CVE
CVE
added 8 hours ago4 views

CVE-2026-10830

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...

8.8CVSS6AI score
Exploits0References1
Rows per page
Query Builder