Product
An authentication bypass vulnerability (CVE-2026-12598) exists in the LoginPress Pro plugin for WordPress, affecting versions up to and including 6.2.3 within the Spotify Social Login addon, enabling unauthenticated attackers to log in as any existing WordPress user, including administrators, by registering a Spotify account with the target's email.