CVE-2026-8994

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

CVE-2026-8994 Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

CVE-2026-8994

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

CVE-2026-8994

The Login with NEAR plugin for WordPress up to version 0.3.3 is vulnerable to authentication bypass. The ajaxLoginWithNear() function, exposed as wp_ajax_nopriv, accepts an attacker-controlled account POST parameter and authenticates a user based solely on a substring check for .near, with no non...

CVE-2026-8994 Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...