{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5722/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-5722"}],"_cs_exploited":false,"_cs_products":["MoreConvert Pro plugin"],"_cs_severities":["critical"],"_cs_tags":["wordpress","authentication-bypass","plugin","cve-2026-5722"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe MoreConvert Pro plugin, a WordPress extension, is vulnerable to an authentication bypass flaw (CVE-2026-5722) affecting all versions up to and including 1.9.14. The vulnerability stems from a failure to invalidate or regenerate guest waitlist verification tokens when a customer\u0026rsquo;s email address is altered. This oversight enables a malicious actor to manipulate the waitlist verification process and impersonate existing users, potentially escalating privileges to gain administrative control over the WordPress site. 
This vulnerability poses a significant risk to WordPress sites running the MoreConvert Pro plugin, since the resulting access can lead to data breaches, defacement, or complete site compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a WordPress site running a vulnerable version (\u0026lt;= 1.9.14) of the MoreConvert Pro plugin.\u003c/li\u003e\n\u003cli\u003eAttacker submits a request to join the guest waitlist using an email address they control (\u003ca href=\"mailto:attacker@example.com\"\u003eattacker@example.com\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eThe plugin generates a verification token for that waitlist entry and sends a confirmation email containing it to \u003ca href=\"mailto:attacker@example.com\"\u003eattacker@example.com\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAttacker retrieves the valid verification token from their email.\u003c/li\u003e\n\u003cli\u003eAttacker uses the public waitlist functionality to change the email address on the \u003ca href=\"mailto:attacker@example.com\"\u003eattacker@example.com\u003c/a\u003e entry to the address of a target user whose email they know or can guess, such as an administrator (\u003ca href=\"mailto:admin@target.com\"\u003eadmin@target.com\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eThe plugin updates the entry\u0026rsquo;s email address but neither invalidates nor regenerates the original verification token, so that token remains valid for an entry that now carries the target\u0026rsquo;s address.\u003c/li\u003e\n\u003cli\u003eAttacker opens the original verification link, which still carries the unchanged token.\u003c/li\u003e\n\u003cli\u003eThe plugin accepts the token and authenticates the attacker as \u003ca href=\"mailto:admin@target.com\"\u003eadmin@target.com\u003c/a\u003e, granting them the privileges of the targeted user.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an unauthenticated attacker to bypass authentication on the affected WordPress site. 
This includes impersonating any existing user whose email address the attacker knows, including administrators. The CVSS v3.1 base score for this vulnerability is 9.8 (critical). Consequences include full administrative control of the affected WordPress site, leading to data breaches, defacement, malware injection, and complete site compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the MoreConvert Pro plugin to a version later than 1.9.14, which patches CVE-2026-5722. If the upgrade cannot be applied promptly, deactivate the plugin until it can.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for waitlist email-change requests that are followed by a verification attempt reusing a token issued before the change, particularly where the new address belongs to a privileged account. Deploy the Sigma rule \u003ccode\u003eDetect MoreConvert Pro Waitlist Email Change\u003c/code\u003e to detect this behavior.\u003c/li\u003e\n\u003cli\u003eImplement strong password policies and multi-factor authentication for all WordPress user accounts, especially administrator accounts, to limit the impact of account compromise. Note that this bypass authenticates through the waitlist verification link rather than the normal login form, so MFA should not be relied on to block the bypass itself.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Successful Authentication with Guest Token\u003c/code\u003e to identify successful authentication attempts using guest tokens.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-moreconvert-auth-bypass/","summary":"The MoreConvert Pro plugin for WordPress versions 1.9.14 and earlier is vulnerable to authentication bypass due to improper handling of guest waitlist verification tokens, allowing unauthenticated attackers to potentially gain administrative access.","title":"CraftedSignal Threat Feed — 
CVE-2026-5722","version":"https://jsonfeed.org/version/1.1"}
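The following Python model is an added example that is not part of the feed item above and is not MoreConvert Pro's code. It walks steps 2 through 8 of the attack chain against two in-memory waitlist stores: one that keeps the verification token unchanged when the entry's email is edited (the flaw the brief describes), and one that binds the token to the entry's current email and a server-side nonce via HMAC and rotates that nonce on every email change (the "invalidate or regenerate" fix the description points at). The class and method names, the entry layout, the HMAC scheme and the addresses used as input are assumptions chosen for the illustration.

```python
"""Token-lifecycle model of the flaw behind CVE-2026-5722 (added example).

Illustrative code only, NOT the MoreConvert Pro plugin's code: the class,
method and field names, the in-memory store and the HMAC binding scheme are
assumptions chosen to show the bug class and one sound fix.
"""
import hashlib
import hmac
import secrets

ATTACKER = "attacker@example.com"   # address the attacker controls (from the brief)
TARGET = "admin@target.com"         # target administrator address (from the brief)


class VulnerableWaitlist:
    """Token issued once at join time and never rotated or re-bound to the email."""

    def __init__(self):
        self.entries = {}  # token -> current email (constructed in-memory store)

    def join(self, email):
        token = secrets.token_hex(16)
        self.entries[token] = email
        return token  # in the real flow this is mailed to `email` (steps 2-3)

    def change_email(self, token, new_email):
        # Steps 5-6: the address is updated but the token stays valid and unchanged.
        self.entries[token] = new_email

    def verify(self, token):
        # Steps 7-8: whoever presents the token is logged in as the entry's
        # *current* address, which the attacker has just pointed at the target.
        return self.entries.get(token)


class HardenedWaitlist:
    """Token = HMAC(key, entry_id | email | nonce); the nonce rotates on email change."""

    def __init__(self, key):
        self.key = key
        self.entries = {}  # entry_id -> {"email": ..., "nonce": ...}

    def _token(self, entry_id, email, nonce):
        msg = f"{entry_id}|{email.lower()}|{nonce}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def join(self, email):
        entry_id = secrets.token_hex(8)
        nonce = secrets.token_hex(16)
        self.entries[entry_id] = {"email": email, "nonce": nonce}
        return entry_id, self._token(entry_id, email, nonce)  # mailed to `email`

    def change_email(self, entry_id, new_email):
        # Rotating the nonce invalidates every token issued for this entry so far.
        # The fresh token is mailed only to the NEW address, so only its owner
        # can complete verification.
        nonce = secrets.token_hex(16)
        self.entries[entry_id] = {"email": new_email, "nonce": nonce}
        return self._token(entry_id, new_email, nonce)

    def verify(self, entry_id, token):
        entry = self.entries.get(entry_id)
        if entry is None:
            return None
        expected = self._token(entry_id, entry["email"], entry["nonce"])
        if not hmac.compare_digest(expected, token):
            return None  # stale or forged token: no login
        return entry["email"]


def attack_vulnerable():
    """Runs steps 2-8 of the attack chain against the vulnerable model."""
    wl = VulnerableWaitlist()
    token = wl.join(ATTACKER)          # attacker receives this token by email
    wl.change_email(token, TARGET)     # public email change, token untouched
    return wl.verify(token)            # who does the old link log in as?


def attack_hardened():
    """Same steps against the hardened model: the pre-change token is rejected."""
    wl = HardenedWaitlist(secrets.token_bytes(32))
    entry_id, old_token = wl.join(ATTACKER)
    wl.change_email(entry_id, TARGET)  # new token goes to TARGET's inbox only
    return wl.verify(entry_id, old_token)


def legitimate_hardened():
    """Control case: the holder of the fresh token (the new address's owner) verifies."""
    wl = HardenedWaitlist(secrets.token_bytes(32))
    entry_id, _ = wl.join(ATTACKER)
    fresh_token = wl.change_email(entry_id, TARGET)
    return wl.verify(entry_id, fresh_token)


if __name__ == "__main__":
    print("vulnerable, old token logs in as:", attack_vulnerable())   # admin@target.com
    print("hardened, old token logs in as:  ", attack_hardened())     # None
    print("hardened, fresh token logs in as:", legitimate_hardened()) # admin@target.com
```

The design point is that a verification token must prove control of the address it currently vouches for, not merely that someone once joined the entry. Keying the HMAC over the entry's current email and a per-entry nonce means the server can revoke all outstanding tokens with a single nonce rotation, and `hmac.compare_digest` keeps the comparison constant-time. Any real fix should also make sure the regenerated token is delivered only to the new address.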