CVE-2026-12416 - Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter
CVE ID :CVE-2026-12416 Published : June 24, 2026, 5:33 a.m. | 3 hours, 37 minutes ago Description :The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the `pravel_invoice_change_password()`...