Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-7567 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-05-01 |
| Vendor | WordPress |
| Product | Temporary Login (plugin) |
| CVSS Score | 9.8 (critical) |
| EPSS Score | 0.2% (percentile: 41%) |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the ‘temp-login-token’ GET parameter is a scalar string before processing it. When the parameter is supplied as an array, PHP’s empty() check is bypassed and sanitize_key() returns an empty string, which is then passed as the meta_value to get_users(). WordPress ignores the meta query under those conditions and may return any user, allowing an unauthenticated attacker to log in as the first user in the database (typically an administrator).
Required Actions
Immediately deactivate or uninstall the Temporary Login plugin on all WordPress instances until a patched version is released by the author. Once the patch is published, update the plugin to the safe version. Review server logs for suspicious GET requests with the temp-login-token parameter passed as an array (e.g. ?temp-login-token[]=) and for unusual administrator logins.
Who Is Affected?
This vulnerability affects Temporary Login (plugin) for WordPress. Check whether your organization uses this plugin and take immediate steps to mitigate the risk.
Sources
Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.
