The BuddyForms plugin for WordPress has a security issue that could allow unauthorized people to bypass the email verification process. This is due to an activation code that is not randomized enough. This vulnerability exists in all versions up to 2.8.9 of the plugin.