LeakyCreds

CVE-2026-2418 - Vulnerability Analysis

Critical (CVSS: 9.1)

Last Updated: March 6, 2026

Login with Salesforce WordPress - Authentication Bypass

Published: March 5, 2026 | Updated: March 6, 2026 | Remote Exploitable

Overview

The Login with Salesforce WordPress plugin, through version 1.0.2, contains an authentication bypass: it does not validate which Salesforce users are allowed to log in, so an unauthenticated attacker can authenticate as any user by knowing that user's email address.

Severity & Score

Severity: Critical
CVSS Score: 9.1

Impact

Unauthenticated attackers can log in as any user, including administrators, leading to full account compromise.

Mitigation

Update to the latest version of the Login with Salesforce WordPress plugin.

Details

CVE ID: CVE-2026-2418
Severity: Critical
CVSS Score: 9.1
Type: broken_authentication
Status: unconfirmed

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N