CVE-2026-2418

NONE EPSS 0.10%

Mar 05, 2026

Updated Mar 05, 2026

WordPress

Parameter	Value
Vendor	WordPress
Public PoC	No

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email

References 1

https://wpscan.com/vulnerability/b25c6cbc-39e7-4fa0-af0b-ee7759d2c497/

contact@wpscan.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6439

WordPress

4.4

CVE-2026-6451

WordPress

4.3

CVE-2026-40308

WordPress

8.8

CVE-2026-3830

Unknown

None

CVE-2026-5809

WordPress

7.1

CVE Details

CVE ID

CVE-2026-2418

Published Date

Mar 05, 2026

Vendor

WordPress

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.10%

Likelihood of exploitation in next 30 days

Percentile: 28.1th percentile (higher than 28.1% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-2418

References 1

Related Vulnerabilities

CVE-2026-6439

CVE-2026-6451

CVE-2026-40308

CVE-2026-3830

CVE-2026-5809

CVE Details

Editor's Choice

Menu

CVE-2026-2418

References 1

Related Vulnerabilities

CVE-2026-6439

CVE-2026-6451

CVE-2026-40308

CVE-2026-3830

CVE-2026-5809

CVE Details

Editor's Choice

Stay informed on cybersecurity