HIGH
learnnearclub
CVE published 2026-05-27
CVE-2026-8994
The Login with NEAR plugin for WordPress is vulnerable to authentication bypass in all versions up to and including 0.3.3. The `ajaxLoginWithNear()` function is registered as a `wp_ajax_nopriv` action, making it accessible to unauthenticated users. The function accepts an attacker-supplied `account` POST parameter and issues a valid WordPress authentication cookie based solely on a substring check for `.n [truncated]