Authentication Bypass Vulnerability in DoLogin Security Plugin for WordPress
CVE-2026-14495
8.8HIGH
What is CVE-2026-14495?
The DoLogin Security plugin for WordPress contains a vulnerability that allows attackers to bypass authentication mechanisms. This occurs due to insufficient randomness during the generation of passwordless login tokens, relying on a predictable seeding method. By exploiting this flaw, an unauthenticated attacker could reconstruct valid login tokens, enabling unauthorized access to user accounts, including those of administrators. An attack requires knowledge of a user's numeric ID and a valid, unexpired passwordless login link, which are often guessable in practice.
Affected Version(s)
DoLogin Security 0 <= 4.3