CVE-2026-2418 · CRITICAL 9.1 · EPSS p14.8%

Description

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to log in through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.24% probability of exploitation · percentile 14.8% · 2026-06-18T12:00:27Z
Published: 2026-03-05
Last modified: 2026-04-15

References

  1. https://wpscan.com/vulnerability/b25c6cbc-39e7-4fa0-af0b-ee7759d2c497/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-2446
  2. CVE-2025-2594
  3. CVE-2025-7444
  4. CVE-2025-14975
  5. CVE-2026-1994
  6. CVE-2025-1061

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.