
Salesforce Login Plugin on WordPress Fails to Check User Permissions

CVE-2026-2418
Summary

The Salesforce Login plugin for WordPress does not verify that a user is permitted to log in through Salesforce. As a result, an unauthenticated attacker can log in as any user, including the admin, by knowing only that user's email. To fix this, update the plugin to version 1.0.3 or higher.

Original title
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such a...
Original description
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to log in through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email.
NVD CVSS v3.1 score: 9.1
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026