CVE-2026-2418

Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass

Description

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email

INFO

Published Date :

2026-03-05T06:00:03.313Z

Last Modified :

2026-03-05T06:00:03.313Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2026-2418 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2418.

URL	Resource
https://wpscan.com/vulnerability/b25c6cbc-39e7-4fa0-af0b-ee7759d2c497/

CVE-2026-2418

Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass

Description

INFO

2026-03-05T06:00:03.313Z

2026-03-05T06:00:03.313Z

WPScan

AFFECTED PRODUCTS

REFERENCES

CVSS Vulnerability Scoring System