[CYBERDIGEST]
⊞ Dashboard ⚡ Intelligence 📝 Reports 📚 Global Threats 💻 Hack Lab 🗄️ Resources ⌬ 0xJerry's Lab
📡 RSS Feed
System Online

Tag

#CVE-2026-14495

articleHIGH 8.8

CVE-2026-14495: Critical Authentication Bypass in DoLogin Security Plugin for WordPress

The DoLogin Security plugin for WordPress is vulnerable to authentication bypass due to insufficient randomness in all versions up to and including 4.3. This vulnerability allows unauthenticated attackers to brute-force a limited seed space and reconstruct active passwordless login tokens, enabling them to authenticate as any targeted user, including administrators, without a password. The vulnerability has a CVSS score of 8.8 and requires a valid, unexpired passwordless login link to exist for the target account. Immediate patching is recommended.

Jul 9, 20261 source