CVE-2026-7567: WordPress Temporary Login Plugin Critical Auth Bypass
A critical authentication bypass vulnerability, identified as CVE-2026-7567, has been discovered in the Temporary Login plugin for WordPress, affecting versions up to and including 1.0.0. The National Vulnerability Database reports this flaw stems from improper input validation within the maybe_login_temporary_user() function. Specifically, the function fails to verify that the temp-login-token GET parameter is a scalar string.
When an attacker supplies the temp-login-token parameter as an array, PHP’s empty() check is bypassed. This causes sanitize_key() to return an empty string, which is then passed as the meta_value to get_users(). WordPress, as noted by the National Vulnerability Database, ignores an empty meta_value when retrieving users, effectively returning all users matching the _temporary_login_token meta key. This allows unauthenticated attackers to log in as any active temporary user with a single crafted GET request, completely sidestepping token validation.
This vulnerability carries a CVSS score of 9.8 (Critical), making it an immediate and severe threat. It represents a complete compromise of authentication for affected WordPress sites utilizing this plugin, granting attackers full control over temporary user accounts. Defenders must understand that this isn’t a theoretical risk; it’s a straightforward, unauthenticated path to unauthorized access.
What This Means For You
- If your organization uses the Temporary Login plugin for WordPress, check immediately if you are running versions up to and including 1.0.0. This is a direct authentication bypass; attackers don't need credentials or prior access. Identify and disable or remove this plugin if an update is not available to mitigate CVE-2026-7567. Audit your WordPress user logs for any suspicious logins to temporary accounts.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7567: WordPress Temporary Login Auth Bypass Attempt
title: CVE-2026-7567: WordPress Temporary Login Auth Bypass Attempt
id: scw-2026-05-01-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-7567 by looking for GET requests containing the 'temp-login-token' parameter, which is used in the authentication bypass vulnerability. A 200 status code indicates a successful bypass or at least a successful request that could lead to bypass.
author: SCW Feed Engine (AI-generated)
date: 2026-05-01
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7567/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- 'temp-login-token='
cs-method:
- 'GET'
sc-status:
- '200'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7567 | Auth Bypass | WordPress plugin: Temporary Login <= 1.0.0 |
| CVE-2026-7567 | Auth Bypass | Vulnerable function: maybe_login_temporary_user() |
| CVE-2026-7567 | Auth Bypass | Vulnerable parameter: 'temp-login-token' GET parameter |
| CVE-2026-7567 | Auth Bypass | Attack vector: Crafted GET request with 'temp-login-token' as an array |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 01, 2026 at 13:15 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7578 — The Function Install Of The File /Admi.Php/Admin/Addon/Add.H Unrestricted File Upload
CVE-2026-7578 — A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the...
CVE-2026-42779: Apache MINA Deserialization Flaw Allows Remote Code Execution
CVE-2026-42779 — The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains...
Apache MINA Deserialization Vulnerability (CVE-2026-42778) Hits Critical
CVE-2026-42778 — The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046...