Email Verification Flaw in AllCoach WordPress Plugin by the Vendor
CVE-2026-10830
Currently unrated
Key Information:
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2026-10830?
The AllCoach WordPress plugin prior to version 1.0.2 contains a critical flaw that fails to confirm whether an email address submitted for account registration is already linked to an existing user. This oversight enables unauthorized individuals to overwrite the passwords of existing users, including administrators, and potentially seize control of the site. The vulnerability highlights a significant risk associated with user account management within the plugin.
Affected Version(s)
AllCoach 0 < 1.0.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.