PT-2026-43538 · WordPress · Login With Near

Joy Gilbert · Published 2026-05-27 · Updated 2026-06-01 · CVE-2026-8994

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Login with NEAR plugin for WordPress, versions prior to 0.3.4

Description: The plugin contains an authentication bypass flaw in the ajaxLoginWithNear() function. This function is registered as a wp_ajax_nopriv_ action, making it reachable by unauthenticated users. It accepts an attacker-supplied account POST parameter and issues a valid WordPress authentication cookie based only on a substring check for ".near". The process performs no nonce verification, no cryptographic signature validation, no challenge-response exchange, and no proof of wallet ownership. Consequently, unauthenticated attackers can log in as any existing user, including administrators, whose email matches the <account>@near.org pattern. If no matching user is found, the plugin automatically creates and authenticates a new account for the supplied identifier.

Recommendations: Update the plugin to a version later than 0.3.3. As a temporary workaround, restrict access to the ajaxLoginWithNear() function to minimize the risk of exploitation.
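As an added illustration (not the plugin's code, and not the vendor's fix), the following hypothetical handler shows what the advisory says is missing: a CSRF nonce, a server-issued single-use challenge, a strict account-name check instead of a ".near" substring test, an ed25519 proof of key possession, and no automatic account creation. All names (near_demo_* functions, the near_challenge / near_login actions, the near_account and near_public_key user-meta keys, the POST parameters, and the "account|challenge" message format) are assumptions chosen for this example; it assumes the user's NEAR public key was stored when the account was linked through an authenticated flow.

```php
<?php
// Hypothetical hardened "login with NEAR" flow: issue a challenge, then verify a
// detached ed25519 signature over it before any auth cookie is set. Example only.
add_action( 'wp_ajax_nopriv_near_challenge', 'near_demo_issue_challenge' );
add_action( 'wp_ajax_nopriv_near_login',     'near_demo_verify_login' );

function near_demo_issue_challenge() {
    check_ajax_referer( 'near_login', 'nonce' );               // CSRF nonce check
    $challenge = bin2hex( random_bytes( 32 ) );                // unguessable, single-use
    set_transient( 'near_chal_' . $challenge, 1, 5 * MINUTE_IN_SECONDS );
    wp_send_json_success( array( 'challenge' => $challenge ) );
}

function near_demo_verify_login() {
    check_ajax_referer( 'near_login', 'nonce' );
    $account   = sanitize_text_field( wp_unslash( $_POST['account'] ?? '' ) );
    $challenge = sanitize_text_field( wp_unslash( $_POST['challenge'] ?? '' ) );
    $sig       = base64_decode( wp_unslash( $_POST['signature'] ?? '' ), true );

    // Strict account-name format instead of a ".near" substring check.
    if ( ! preg_match( '/^[a-z0-9_-]+(\.[a-z0-9_-]+)*\.near$/', $account ) ) {
        wp_send_json_error( 'bad account', 400 );
    }
    // Challenge must exist and is consumed on first use (replay protection).
    if ( $challenge === '' || ! get_transient( 'near_chal_' . $challenge ) ) {
        wp_send_json_error( 'invalid or expired challenge', 400 );
    }
    delete_transient( 'near_chal_' . $challenge );

    // Only previously linked users may log in; never auto-create accounts here.
    $users = get_users( array( 'meta_key' => 'near_account', 'meta_value' => $account, 'number' => 1 ) );
    if ( empty( $users ) ) {
        wp_send_json_error( 'no linked user', 403 );
    }
    $user   = $users[0];
    // Assumed: the ed25519 public key (base64) was stored when the user linked the account.
    $pubkey = base64_decode( (string) get_user_meta( $user->ID, 'near_public_key', true ), true );
    // Proof of key possession: detached ed25519 signature over account|challenge.
    if ( $sig === false || $pubkey === false
         || strlen( $sig ) !== SODIUM_CRYPTO_SIGN_BYTES
         || strlen( $pubkey ) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES
         || ! sodium_crypto_sign_verify_detached( $sig, $account . '|' . $challenge, $pubkey ) ) {
        wp_send_json_error( 'bad signature', 403 );
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, false );
    wp_send_json_success();
}
```

Because the stored key, not a client-supplied one, is used for verification, a request that merely contains a ".near" string cannot obtain a cookie, which is the gap the advisory describes.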

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2026-8994

Affected Products: Login With Near