CVE-2026-7567: CWE-288 Authentication Bypass Using an Alternate Path or Channel in elemntor Temporary Login
The Temporary Login plugin for WordPress (elemntor project) up to version 1. 0. 0 contains a critical authentication bypass vulnerability. This occurs because the function maybe_login_temporary_user() does not properly validate the 'temp-login-token' GET parameter, allowing an attacker to bypass authentication by sending a crafted request with this parameter as an array. This leads to WordPress returning all users with the '_temporary_login_token' meta_key, enabling unauthorized login as any active temporary user. The vulnerability has a CVSS score of 9. 8, indicating critical severity with high impact on confidentiality, integrity, and availability. No official patch or remediation has been confirmed yet.
AI Analysis
Technical Summary
CVE-2026-7567 is an authentication bypass vulnerability in the Temporary Login WordPress plugin (elemntor) versions up to 1.0.0. The issue arises from improper input validation in the maybe_login_temporary_user() function, which fails to ensure the 'temp-login-token' GET parameter is a scalar string. When an attacker supplies this parameter as an array, PHP's empty() check is bypassed, and sanitize_key() returns an empty string. WordPress then ignores the empty meta_value and returns all users matching the meta_key '_temporary_login_token', allowing authentication without a valid token. This enables unauthenticated attackers to log in as any active temporary login user via a single crafted GET request.
Potential Impact
Successful exploitation allows unauthenticated attackers to bypass authentication and gain access as any active temporary login user. This compromises confidentiality, integrity, and availability of the affected WordPress site. The vulnerability is critical with a CVSS 3.1 base score of 9.8, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on all security properties.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, avoid using the affected versions of the Temporary Login plugin or disable the plugin to prevent exploitation. Monitor vendor channels for updates and apply patches promptly once released.
CVE-2026-7567: CWE-288 Authentication Bypass Using an Alternate Path or Channel in elemntor Temporary Login
Description
The Temporary Login plugin for WordPress (elemntor project) up to version 1. 0. 0 contains a critical authentication bypass vulnerability. This occurs because the function maybe_login_temporary_user() does not properly validate the 'temp-login-token' GET parameter, allowing an attacker to bypass authentication by sending a crafted request with this parameter as an array. This leads to WordPress returning all users with the '_temporary_login_token' meta_key, enabling unauthorized login as any active temporary user. The vulnerability has a CVSS score of 9. 8, indicating critical severity with high impact on confidentiality, integrity, and availability. No official patch or remediation has been confirmed yet.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-7567 is an authentication bypass vulnerability in the Temporary Login WordPress plugin (elemntor) versions up to 1.0.0. The issue arises from improper input validation in the maybe_login_temporary_user() function, which fails to ensure the 'temp-login-token' GET parameter is a scalar string. When an attacker supplies this parameter as an array, PHP's empty() check is bypassed, and sanitize_key() returns an empty string. WordPress then ignores the empty meta_value and returns all users matching the meta_key '_temporary_login_token', allowing authentication without a valid token. This enables unauthenticated attackers to log in as any active temporary login user via a single crafted GET request.
Potential Impact
Successful exploitation allows unauthenticated attackers to bypass authentication and gain access as any active temporary login user. This compromises confidentiality, integrity, and availability of the affected WordPress site. The vulnerability is critical with a CVSS 3.1 base score of 9.8, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on all security properties.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, avoid using the affected versions of the Temporary Login plugin or disable the plugin to prevent exploitation. Monitor vendor channels for updates and apply patches promptly once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-04-30T20:58:51.799Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f4779bcbff5d8610a57434
Added to database: 5/1/2026, 9:51:23 AM
Last enriched: 5/1/2026, 10:06:20 AM
Last updated: 5/1/2026, 10:59:16 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.