Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
WordPress Plugin Allows Unauthenticated Access to User Accounts
CVE-2026-26251
Summary
A widely-used WordPress plugin has a bug that lets anyone access user accounts without a password. This means that anyone can view and edit user information and settings. To stay safe, update the plugin to the latest version.
Original title
Rejected reason: Not used
Original description
Rejected reason: Not used
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026