exploitDog

CVE-2026-2418

Опубликовано: 05 мар. 2026

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email

Ссылки

https://wpscan.com/vulnerability/b25c6cbc-39e7-4fa0-af0b-ee7759d2c497/

EPSS

Процентиль: 22%

0.00071

Низкий

9.1 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-22f9-qcfx-q3w3

CVSS3: 9.1

github

21 день назад

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email

EPSS

Процентиль: 22%

0.00071

Низкий

9.1 Critical

CVSS3

Дефекты