Authentication Bypass Vulnerability in Login with NEAR Plugin for WordPress
CVE-2026-8994

8.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 27 May 2026

What is CVE-2026-8994?

The Login with NEAR plugin for WordPress is vulnerable to an authentication bypass that allows unauthenticated users to gain access to WordPress accounts. The flaw is in the 'ajaxLoginWithNear()' function, which lacks proper nonce verification and relies solely on substring checks for email patterns. Attackers can use this to log in as any WordPress user whose email address follows a specific format, or even to create unauthorized accounts if no matches are found. This poses a significant risk, particularly for administrators, and underlines the need for secure authentication methods.

Affected Version(s)

Login with NEAR: versions 0 through 0.3.3 (<= 0.3.3)

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joy Gilbert