
CVE-2026-7567

CRITICAL · 9.8 EPSS 0.1%
hype MIXED · 62 hack

Published 2 days ago; high severity and clear attack path, but no KEV, no confirmed PoC, no patch deployed yet.

What: Authentication bypass in WordPress "Temporary Login" plugin (v1.0.0 and earlier) via malformed token parameter; CVSS 9.8 CRITICAL allowing unauthenticated account takeover.

Why it matters: High-severity flaw with trivial exploitation (a single crafted GET request); no KEV listing yet, but social chatter claims 40,000+ vulnerable sites. No public PoC is confirmed in the posts, but the vulnerability is straightforward to exploit: the documented flaw hinges on PHP's empty() accepting an array as "not empty" while sanitize_key() reduces that array to an empty string.

Where it's seen: Social media amplification (Twitter, Bluesky) from security feeds and researchers; vendor advisory expected imminently; defender awareness is building but no in-the-wild exploitation reports yet.

RISK: CRITICAL — Trivial exploitation, unauthenticated account takeover, high CVSS, widespread plugin.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 5/3/2026, 2:05:42 AM

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before processing it. When the parameter is supplied as an array, PHP's empty() check is bypassed and sanitize_key() returns an empty string, which is then passed as the meta_value to get_users(). WordPress ignores an empty meta_value and returns all users matching the meta_key '_temporary_login_token', allowing authentication without a valid token. This makes it possible for unauthenticated attackers to authenticate as any active temporary login user by sending a single crafted GET request.
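The following is an illustrative reconstruction of the flaw class the description outlines, added here as an example. It is not the Temporary Login plugin's code and was not taken from the advisory. Only the function name maybe_login_temporary_user(), the GET parameter temp-login-token and the meta key _temporary_login_token come from the description; the stand-in sanitize_key(), the in-memory user store behind get_users(), the request samples and the hardened variant are all assumptions made for the demonstration. The stand-ins mirror the two core behaviours the description relies on: sanitize_key() returns an empty string for non-scalar input, and an empty meta_value is dropped from the user query so it degrades to a meta_key-only match.

```php
<?php
// Illustrative reconstruction of the bug class described in the advisory.
// NOT the plugin's code: the function name maybe_login_temporary_user(), the
// 'temp-login-token' parameter and the '_temporary_login_token' meta key come
// from the NVD text; the stand-in sanitize_key(), get_users(), the user table,
// the sample requests and the hardened variant are assumed here.

// Minimal stand-in for WordPress core's sanitize_key(): the lowercase/regex
// step is guarded by is_scalar(), so an array collapses to ''.
function sanitize_key($key) {
    $sanitized = '';
    if (is_scalar($key)) {
        $sanitized = preg_replace('/[^a-z0-9_\-]/', '', strtolower((string) $key));
    }
    return $sanitized;
}

// Constructed user store: user ID => temporary login token (the value the
// real plugin keeps in usermeta under '_temporary_login_token').
$USERS = [
    7  => 'a1b2c3d4e5f6',
    12 => '0f9e8d7c6b5a',
];

// Stand-in for get_users(['meta_key' => ..., 'meta_value' => ...]): as with
// WP_Meta_Query, an empty meta_value is ignored, so the lookup degrades to
// "every user that has the meta key at all".
function get_users(array $args) {
    global $USERS;
    $matches = [];
    foreach ($USERS as $id => $token) {
        if ($args['meta_value'] === '' || $args['meta_value'] === $token) {
            $matches[] = $id;
        }
    }
    return $matches;
}

// Vulnerable shape: empty() is the only guard. An array such as ['x'] is
// "not empty", yet sanitize_key() turns it into '' before the query runs.
function maybe_login_temporary_user(array $get) {
    if (empty($get['temp-login-token'])) {
        return null;
    }
    $token = sanitize_key($get['temp-login-token']);
    $users = get_users(['meta_key' => '_temporary_login_token', 'meta_value' => $token]);
    return $users ? $users[0] : null;   // a real plugin would set the auth cookie for this ID
}

// Hardened shape (an assumed fix, not the vendor's): require a string,
// reject an empty value after sanitization, and verify the stored token
// with a constant-time compare rather than trusting the query alone.
function maybe_login_temporary_user_fixed(array $get) {
    global $USERS;
    if (!isset($get['temp-login-token']) || !is_string($get['temp-login-token'])) {
        return null;
    }
    $token = sanitize_key($get['temp-login-token']);
    if ($token === '') {
        return null;
    }
    foreach (get_users(['meta_key' => '_temporary_login_token', 'meta_value' => $token]) as $id) {
        if (hash_equals($USERS[$id], $token)) {
            return $id;
        }
    }
    return null;
}

// Constructed requests as PHP would populate $_GET: a valid token, a wrong
// token, and the bypass shape ?temp-login-token[]=x, which parses to an array.
$cases = [
    'valid'  => ['temp-login-token' => 'a1b2c3d4e5f6'],
    'wrong'  => ['temp-login-token' => 'nope'],
    'bypass' => ['temp-login-token' => ['x']],
];
foreach ($cases as $label => $get) {
    printf("%-6s vulnerable=%s fixed=%s\n", $label,
        var_export(maybe_login_temporary_user($get), true),
        var_export(maybe_login_temporary_user_fixed($get), true));
}
```

Run with `php example.php`: the vulnerable function returns the first token-bearing user for the array request, while the hardened one returns null for both the wrong token and the array. For defenders, the request shape is the useful signature: a query string that carries temp-login-token as an array, i.e. `temp-login-token[` or its URL-encoded form `temp-login-token%5B`, has no legitimate reason to appear, so it is a reasonable thing to search access logs for while waiting on a patch.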

Public PoCs on GitHub 2 repos

Articles & coverage 15 articles

  • NVD - CVE-2026-7567

    Description: The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. References: 7 entries, all with Wordfence as the source. Weakness Enumeration: CWE- (snippet truncated)

  • CVE-2016-7567 - CVE Details, Severity, and Analysis | Strobes VI

    CVE-2016-7567 is a critical severity vulnerability with a CVSS score of 9.8. Note that this entry describes CVE-2016-7567, a different 2016 identifier, not CVE-2026-7567.

  • Threats Tagged 'cve-2026-7567' | Threat Radar

    View all threats tagged with 'cve-2026-7567'. Filter and sort to focus on specific types of threats.

  • CVE-2016-7567: CVE-2016-7567 - Vulnerability Platform

    Remote attackers can exploit this vulnerability to cause unspecified impacts. As with the Strobes entry, this covers CVE-2016-7567, not CVE-2026-7567.

  • CVE-2026-27567 Detail - NVD

    Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists. This is a different identifier (CVE-2026-27567, Payload CMS) and is unrelated to the Temporary Login plugin flaw.

NVD details: 1 CWE · 0 vendors · 7 refs