<0.1% probability · 23.2th percentile — 2026-05-12
Affected versions
WordPress Temporary Login plugin <= 1.0.0
Summary
This vulnerability is caused by improper input validation in the plugin's authentication function. When an attacker sends the `temp-login-token` GET parameter as an array, the empty check for invalid tokens is bypassed. This allows unauthenticated attackers to authenticate as any active temporary login user without a valid token.
Remediation
Update the Temporary Login plugin to the latest patched version immediately. If no patch is available, uninstall the plugin from affected WordPress sites and use a trusted alternative for temporary access management.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.