CVE-2026-2418

{"id": "CVE-2026-2418", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-2418", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "yes"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-03-06T10:22:39.897835Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "affected": [{"source": "contact@wpscan.com", "affectedData": [{"vendor": "Unknown", "product": "Login with Salesforce", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.2"}], "defaultStatus": "unknown"}]}], "published": "2026-03-05T06:16:51.883", "references": [{"url": "https://wpscan.com/vulnerability/b25c6cbc-39e7-4fa0-af0b-ee7759d2c497/", "source": "contact@wpscan.com"}], "vulnStatus": "Deferred", "descriptions": [{"lang": "en", "value": "The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email"}, {"lang": "es", "value": "El plugin de WordPress Login with Salesforce hasta la versi\u00f3n 1.0.2 no valida que los usuarios tengan permiso para iniciar sesi\u00f3n a trav\u00e9s de Salesforce, permitiendo que usuarios no autenticados sean autenticados como cualquier usuario (como un administrador) simplemente conociendo el correo electr\u00f3nico."}], "lastModified": "2026-06-17T10:30:55.490", "sourceIdentifier": "contact@wpscan.com"}