NVD HIGH: CVE-2026-8994 — The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass ...
The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered as a `wp_ajax_nopriv` action and therefore reachable by unauthenticated users — accepts an attacker-supplied `account` POST parameter and issues a valid WordPress authentication cookie based solely on a substring check for `.ne
CVE-2026-8994