Lucene search
K

5 matches found

NVD
NVD
added 2026/05/27 7:16 a.m.15 views

CVE-2026-8994

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS0.0039EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.11 views

CVE-2026-8994

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS5.8AI score0.0039EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.8 views

CVE-2026-8994 Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS5.8AI score0.0039EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 5:31 a.m.40 views

CVE-2026-8994

The Login with NEAR plugin for WordPress up to version 0.3.3 is vulnerable to authentication bypass. The ajaxLoginWithNear() function, exposed as wp_ajax_nopriv, accepts an attacker-controlled account POST parameter and authenticates a user based solely on a substring check for .near, with no non...

8.1CVSS5.8AI score0.0039EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.34 views

CVE-2026-8994 Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS0.0039EPSS
Exploits0References5
Rows per page
Query Builder