Skip to main content

Login with NEAR EUVD-2026-32094

| CVE-2026-8994 HIGH
Improper Authentication (CWE-287)
2026-05-27 security@wordfence.com GHSA-6gff-f85j-33mr
WordPress Authentication Bypass Microsoft
8.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 27, 2026 - 20:32 vuln.today
CVE Published
May 27, 2026 - 07:16 nvd
HIGH 8.1

DescriptionNVD

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear() function - registered as a wp_ajax_nopriv action and therefore reachable by unauthenticated users - accepts an attacker-supplied account POST parameter and issues a valid WordPress authentication cookie based solely on a substring check for .near, with no nonce verification, cryptographic signature validation, challenge-response exchange, or any proof that the requester controls the corresponding NEAR wallet. This makes it possible for unauthenticated attackers to log in as any existing WordPress user, including administrators, whose email address matches the deterministic <account>@near.org pattern derived from the supplied account value. If no matching user exists, the handler automatically creates and authenticates a new WordPress account for the attacker-controlled identifier, providing a further avenue for unauthorized account creation.

AnalysisAI

Authentication bypass in the Login with NEAR WordPress plugin (all versions through 0.3.3) lets unauthenticated attackers log in as any existing user - including administrators - whose email matches the deterministic <account>@near.org pattern. The flaw stems from the unauthenticated ajaxLoginWithNear() handler issuing a valid WordPress auth cookie based only on a substring check for '.near', with no signature, challenge-response, or nonce verification. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Uninstall the Login with NEAR plugin from all WordPress installations; reset all administrator passwords; review access logs for logins from @near.org email addresses. Within 7 days: Perform forensic analysis of user accounts created or modified during plugin operation; implement IP-based access restrictions on WordPress administrative interfaces. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-7862 HIGH POC
8.6 May 28

Unauthenticated refund abuse in the Eupago Gateway for WooCommerce WordPress plugin before 4.7.2 lets remote attackers t
CVE-2026-40412 CRITICAL
10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil
CVE-2026-41104 CRITICAL
10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal
CVE-2026-23652 CRITICAL
10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-
CVE-2026-47280 CRITICAL
10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

Share

EUVD-2026-32094 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy