What is CVE-2026-5722?

CVE-2026-5722 is a critical-severity vulnerability in Moreconvert Pro, classified under Improper Authentication. CVSS score: 9.8/10. Published 2026-05-05.

How severe is CVE-2026-5722?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Moreconvert Pro

CVE-2026-5722

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the…

Vulnerability class: Broken Authentication

EPSS: 0.003 (54.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Moreconvert Pro — versions 0

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

security@wordfence.com
security@wordfence.com
security@wordfence.com

Frequently asked questions

What is CVE-2026-5722?: CVE-2026-5722 is a critical-severity vulnerability in Moreconvert Pro, classified under Improper Authentication. CVSS score: 9.8/10. Published 2026-05-05.
How severe is CVE-2026-5722?: Critical severity. CVSS v3 base score is 9.8 out of 10.