The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary accounts, including administrators, and take over the site.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
The AllCoach WordPress plugin before version 1.0.2 contains a critical authentication bypass vulnerability in its public account-registration endpoint. The flaw stems from insufficient input validation: the plugin fails to verify whether an email address submitted during registration is already associated with an existing user account before overwriting that user's password. This allows unauthenticated attackers to reset passwords for any account, including administrator accounts, by simply submitting an existing user's email address through the registration form. For WordPress site owners using this plugin, the impact is severe—attackers can gain complete administrative control of the site without requiring any prior authentication or knowledge of existing passwords.
While this specific CVE currently maps to zero Casky skills due to the absence of detailed MITRE ATT&CK technique assignments, practitioners using Casky's Claude AI-powered platform with extended reasoning would detect the attack patterns underlying this vulnerability through behavioral analysis of account-related activities. The core attack chain involves T1078 (Valid Accounts) exploitation, where attackers leverage the registration endpoint to manipulate account credentials. Security teams monitoring their WordPress instances with Casky's 754 mapped skills would identify suspicious patterns such as: unexpected password reset requests from unfamiliar IP addresses, registration attempts targeting high-privilege accounts, and subsequent administrative actions immediately following registration activity. By correlating these signals with Casky's threat modeling capabilities, practitioners would recognize the hallmarks of unauthorized account takeover before full compromise occurs, enabling rapid incident response and remediation.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-10830. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation