CVE-2026-7567

CRITICAL

Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover

Title source: cna

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-7567. PoCs published by Amir Hossein Jamshidi, adminlove520, amirhosseinjamshidi64.

Description

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before processing it. When the parameter is supplied as an array, PHP's empty() check is bypassed and sanitize_key() returns an empty string, which is then passed as the meta_value to get_users(). WordPress ignores an empty meta_value and returns all users matching the meta_key '_temporary_login_token', allowing authentication without a valid token. This makes it possible for unauthenticated attackers to authenticate as any active temporary login user by sending a single crafted GET request.
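A log check a defender could run for the array-form parameter described above. This is an added example, not code from the plugin or from the listed PoCs; the combined access-log format, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

PARAM = "temp-login-token"
# Assumed combined-log layout: client IP first, then "METHOD target HTTP/x" status
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')

def array_form_token(target):
    """True if the request target supplies temp-login-token as an array."""
    query = target.partition("?")[2]
    # parse_qsl percent-decodes names, so %5B%5D and %2D variants are caught;
    # keep_blank_values keeps parameters sent with an empty value or no '='.
    for name, _ in parse_qsl(query, keep_blank_values=True):
        if name.startswith(PARAM + "["):
            return True
    return False

def scan(lines):
    """Return (client_ip, target, status) for each array-form request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and array_form_token(m.group(1)):
            hits.append((line.split()[0], m.group(1), int(m.group(2))))
    return hits

# Constructed sample lines (documentation IP ranges, made-up token value)
SAMPLE_LOG = [
    '203.0.113.7 - - [02/May/2026:10:01:12 +0000] '
    '"GET /?temp-login-token=3f9ac2d1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [02/May/2026:10:04:40 +0000] '
    '"GET /?temp-login-token[]= HTTP/1.1" 302 0 "-" "python-requests"',
    '198.51.100.23 - - [02/May/2026:10:04:41 +0000] '
    '"GET /?temp-login-token%5B%5D= HTTP/1.1" 302 0 "-" "python-requests"',
    '192.0.2.10 - - [02/May/2026:10:05:02 +0000] '
    '"GET /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, target, status in scan(SAMPLE_LOG):
        print(f"array-form {PARAM} from {ip}: {target} -> {status}")
```

A legitimate temporary-login link carries the token as a scalar value, so any hit here is worth correlating with the sessions created for temporary users around the same time.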

Exploits (3)

exploitdb WORKING POC
by Amir Hossein Jamshidi · text · webapps · multiple
https://www.exploit-db.com/exploits/52575

This Python script exploits an authentication bypass vulnerability in the WordPress Temporary Login Plugin (version <= 1.0.0) by sending a crafted request in which the 'temp-login-token' parameter is supplied as an array ('temp-login-token[]'), which grants unauthorized access to a temporary user account. The exploit checks for successful authentication by verifying the presence of WordPress session cookies and confirms admin access by accessing the admin dashboard.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WordPress Temporary Login Plugin <= 1.0.0
No auth needed
Prerequisites: WordPress site with Temporary Login Plugin <= 1.0.0 installed · At least one temporary user account exists
devstral-2 · analyzed May 27, 2026

github WORKING POC 4 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-7567

The repository contains a functional Python exploit for CVE-2026-7567, which bypasses authentication in the WordPress Temporary Login Plugin <= 1.0.0 by manipulating the 'temp-login-token' parameter. The exploit sends a crafted request to obtain admin cookies, allowing account takeover.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WordPress Temporary Login Plugin <= 1.0.0
No auth needed
Prerequisites: WordPress site with vulnerable plugin installed · Temporary user exists
devstral-2 · analyzed May 22, 2026

github WORKING POC
by amirhosseinjamshidi64 · python · poc
https://github.com/amirhosseinjamshidi64/CVE-2026-7567-POC

The repository contains a functional Python exploit for CVE-2026-7567, which targets an authentication bypass vulnerability in the WordPress Temporary Login Plugin <= 1.0.0. The exploit sends a crafted request to bypass authentication and gain temporary admin access.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WordPress Temporary Login Plugin <= 1.0.0
No auth needed
Prerequisites: WordPress site with Temporary Login Plugin <= 1.0.0 installed · At least one temporary user exists
devstral-2 · analyzed May 02, 2026

Scores

CVSS v3 9.8
EPSS 0.0925
EPSS Percentile 94.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-288
Status published
Products (1)
elemntor/Temporary Login < 1.0.0
Published May 01, 2026
Tracked Since May 01, 2026