CVE-2026-12417 - SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover
CVE ID :CVE-2026-12417 Published : June 24, 2026, 5:33 a.m. | 3 hours, 37 minutes ago Description :The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is...