CVE-2026-12417 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.0.0 | 2026-06-24
CVE-2026-12417 [CRITICAL] CWE-640 CVE-2026-12417: The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Re
The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the `pravel_change_password()` AJAX handler — registered via `wp_ajax_nopriv_pravel_change_password` and therefore accessible to unauthenticated users
nvd