[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-7567":6},{"stargazers_count":4,"fetched_at":5},5,"2026-05-02T06:24:39.445Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":262,"aliases":263,"duplicate_of":9,"upstream":264,"downstream":265,"duplicates":266,"related":267,"reserved_at":9,"published_at":268,"modified_at":269,"state":270,"summary":271,"references_raw":280,"kevs":310,"epss":311,"epss_history":314,"metrics":316,"affected":323},"CVE-2026-7567","The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before processing it. When the parameter is supplied as an array, PHP's empty() check is bypassed and sanitize_key() returns an empty string, which is then passed as the meta_value to get_users(). WordPress ignores an empty meta_value and returns all users matching the meta_key '_temporary_login_token', allowing authentication without a valid token. This makes it possible for unauthenticated attackers to authenticate as any active temporary login user by sending a single crafted GET request.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-288","Authentication Bypass Using an Alternate Path or Channel","The product requires authentication, but the product has an alternate path or channel that does not require authentication.","weakness","Incomplete","Base",[19,81],{"id":20,"name":21,"techniques":22},"CAPEC-127","Directory Indexing",[23],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1083","File and Directory Discovery",[27],{"id":28,"name":29},"TA0102","Discovery",[31,36,40,45,50,55,60,65,69,73,77],{"id":32,"name":33,"tactic":34},"D3-FA","File Analysis",{"name":35},"Detect",{"id":37,"name":38,"tactic":39},"D3-FIM","File Integrity Monitoring",{"name":35},{"id":41,"name":42,"tactic":43},"D3-FEV","File Eviction",{"name":44},"Evict",{"id":46,"name":47,"tactic":48},"D3-DF","Decoy File",{"name":49},"Deceive",{"id":51,"name":52,"tactic":53},"D3-FE","File Encryption",{"name":54},"Harden",{"id":56,"name":57,"tactic":58},"D3-RF","Restore File",{"name":59},"Restore",{"id":61,"name":62,"tactic":63},"D3-LFP","Local File Permissions",{"name":64},"Isolate",{"id":66,"name":67,"tactic":68},"D3-CF","Content Filtering",{"name":64},{"id":70,"name":71,"tactic":72},"D3-RFAM","Remote File Access Mediation",{"name":64},{"id":74,"name":75,"tactic":76},"D3-CQ","Content Quarantine",{"name":64},{"id":78,"name":79,"tactic":80},"D3-CM","Content Modification",{"name":64},{"id":82,"name":83,"techniques":84},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[85,120,159],{"id":86,"name":87,"tactics":88,"countermeasures":95},"T1211","Exploitation for Stealth",[89,92],{"id":90,"name":91},"TA0030","Defense Evasion",{"id":93,"name":94},"TA0005","Stealth",[96,100,104,108,112,116],{"id":97,"name":98,"tactic":99},"D3-MBT","Memory Boundary Tracking",{"name":35},{"id":101,"name":102,"tactic":103},"D3-PCSV","Process Code Segment Verification",{"name":35},{"id":105,"name":106,"tactic":107},"D3-SSC","Shadow Stack Comparisons",{"name":35},{"id":109,"name":110,"tactic":111},"D3-PSEP","Process Segment Execution Prevention",{"name":54},{"id":113,"name":114,"tactic":115},"D3-SAOR","Segment Address Offset Randomization",{"name":54},{"id":117,"name":118,"tactic":119},"D3-SFCV","Stack Frame Canary Validation",{"name":54},{"id":121,"name":122,"tactics":123,"countermeasures":129},"T1542.002","Component Firmware",[124,125,126],{"id":90,"name":91},{"id":93,"name":94},{"id":127,"name":128},"TA0110","Persistence",[130,135,139,143,147,151,155],{"id":131,"name":132,"tactic":133},"D3-SWI","Software Inventory",{"name":134},"Model",{"id":136,"name":137,"tactic":138},"D3-AVE","Asset Vulnerability Enumeration",{"name":134},{"id":140,"name":141,"tactic":142},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":35},{"id":144,"name":145,"tactic":146},"D3-FV","Firmware Verification",{"name":35},{"id":148,"name":149,"tactic":150},"D3-FBA","Firmware Behavior Analysis",{"name":35},{"id":152,"name":153,"tactic":154},"D3-SU","Software Update",{"name":54},{"id":156,"name":157,"tactic":158},"D3-RS","Restore Software",{"name":59},{"id":160,"name":161,"tactics":162,"countermeasures":171},"T1556","Modify Authentication Process",[163,164,167,168],{"id":90,"name":91},{"id":165,"name":166},"TA0112","Defense Impairment",{"id":127,"name":128},{"id":169,"name":170},"TA0031","Credential Access",[172,176,180,184,186,188,192,196,200,204,206,210,214,218,222,224,226,228,232,234,236,238,240,242,246,250,254,258],{"id":173,"name":174,"tactic":175},"D3-CI","Configuration Inventory",{"name":134},{"id":177,"name":178,"tactic":179},"D3-NTPM","Network Traffic Policy Mapping",{"name":134},{"id":181,"name":182,"tactic":183},"D3-AM","Access Modeling",{"name":134},{"id":32,"name":33,"tactic":185},{"name":35},{"id":37,"name":38,"tactic":187},{"name":35},{"id":189,"name":190,"tactic":191},"D3-PLA","Process Lineage Analysis",{"name":35},{"id":193,"name":194,"tactic":195},"D3-PSMD","Process Self-Modification Detection",{"name":35},{"id":197,"name":198,"tactic":199},"D3-PSA","Process Spawn Analysis",{"name":35},{"id":201,"name":202,"tactic":203},"D3-SFA","System File Analysis",{"name":35},{"id":41,"name":42,"tactic":205},{"name":44},{"id":207,"name":208,"tactic":209},"D3-PT","Process Termination",{"name":44},{"id":211,"name":212,"tactic":213},"D3-PS","Process Suspension",{"name":44},{"id":215,"name":216,"tactic":217},"D3-HR","Host Reboot",{"name":44},{"id":219,"name":220,"tactic":221},"D3-HS","Host Shutdown",{"name":44},{"id":46,"name":47,"tactic":223},{"name":49},{"id":51,"name":52,"tactic":225},{"name":54},{"id":56,"name":57,"tactic":227},{"name":59},{"id":229,"name":230,"tactic":231},"D3-RC","Restore Configuration",{"name":59},{"id":66,"name":67,"tactic":233},{"name":64},{"id":61,"name":62,"tactic":235},{"name":64},{"id":70,"name":71,"tactic":237},{"name":64},{"id":74,"name":75,"tactic":239},{"name":64},{"id":78,"name":79,"tactic":241},{"name":64},{"id":243,"name":244,"tactic":245},"D3-KBPI","Kernel-based Process Isolation",{"name":64},{"id":247,"name":248,"tactic":249},"D3-SCF","System Call Filtering",{"name":64},{"id":251,"name":252,"tactic":253},"D3-HBPI","Hardware-based Process Isolation",{"name":64},{"id":255,"name":256,"tactic":257},"D3-ABPI","Application-based Process Isolation",{"name":64},{"id":259,"name":260,"tactic":261},"D3-WSAM","Web Session Access Mediation",{"name":64},[],[],[],[],[],[],"2026-05-01T09:26:06.824Z","2026-05-01T14:27:42.580Z","Deferred",{"cisa_kev":272,"cisa_ransomware":272,"cisa_vendor":9,"epss_severity":273,"epss_score":274,"severity":275,"severity_score":276,"severity_version":277,"severity_source":278,"severity_vector":279,"severity_status":270},false,"low",0.00193,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[281,286,290,294,298,302,306],{"url":282,"sources":283,"tags":285},"https://www.wordfence.com/threat-intel/vulnerabilities/id/f97c669b-86c1-4873-a050-76972f494099?source=cve",[278,284],"nvd",[],{"url":287,"sources":288,"tags":289},"https://plugins.trac.wordpress.org/browser/temporary-login/trunk/core/options.php#L157",[278,284],[],{"url":291,"sources":292,"tags":293},"https://plugins.trac.wordpress.org/browser/temporary-login/tags/1.0.0/core/options.php#L157",[278,284],[],{"url":295,"sources":296,"tags":297},"https://plugins.trac.wordpress.org/browser/temporary-login/trunk/core/admin.php#L135",[278,284],[],{"url":299,"sources":300,"tags":301},"https://plugins.trac.wordpress.org/browser/temporary-login/tags/1.0.0/core/admin.php#L135",[278,284],[],{"url":303,"sources":304,"tags":305},"https://plugins.trac.wordpress.org/browser/temporary-login/trunk/core/admin.php#L179",[278,284],[],{"url":307,"sources":308,"tags":309},"https://plugins.trac.wordpress.org/browser/temporary-login/tags/1.0.0/core/admin.php#L179",[278,284],[],[],{"date":312,"score":274,"percentile":313},"2026-05-01",0.40977,[315],{"date":312,"score":274,"percentile":313},[317,321],{"source":278,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":318,"cvss_v4_0":9},{"baseScore":276,"baseSeverity":319,"vectorString":279,"impactScore":276,"exploitabilityScore":320},"CRITICAL",10,{"source":284,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":322,"cvss_v4_0":9},{"baseScore":276,"baseSeverity":319,"vectorString":279,"impactScore":276,"exploitabilityScore":320},[324],{"ecosystem":9,"name":325,"vendor":326,"product":327,"cpe_part":328,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":329},"Temporary Login","elemntor","temporary login","a",[330],{"version":331,"is_range":332,"range_type":278,"version_start":9,"version_start_type":9,"version_end":333,"version_end_type":334,"fixed_in":9},"\u003C= 1.0.0",true,"1.0.0","including"]