Description
The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered as a `wp_ajax_nopriv` action and therefore reachable by unauthenticated users — accepts an attacker-supplied `account` POST parameter and issues a valid WordPress authentication cookie based solely on a substring check for `.near`, with no nonce verification, cryptographic signature validation, challenge-response exchange, or any proof that the requester controls the corresponding NEAR wallet. This makes it possible for unauthenticated attackers to log in as any existing WordPress user, including administrators, whose email address matches the deterministic `<account>@near.org` pattern derived from the supplied `account` value. If no matching user exists, the handler automatically creates and authenticates a new WordPress account for the attacker-controlled identifier, providing a further avenue for unauthorized account creation.
Published: 2026-05-27
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Login with NEAR WordPress plugin contains an authentication bypass that permits unauthenticated attackers to authenticate as any existing user or automatically create a new user by sending a POST request to the ajaxLoginWithNear() handler. The plugin validates the supplied account parameter by simply checking for the string ".near" and issues a WordPress authentication cookie without nonce verification, cryptographic signature, or proof that the requester controls the associated NEAR wallet, violating fundamental authentication controls. Classified as CWE‑287, this flaw allows attackers to obtain full access to the site and its content.

Affected Systems

All installations of the LearnNearClub Login with NEAR plugin for WordPress with version 0.3.3 or earlier are affected. Sites that have the plugin enabled are at risk until the plugin is updated or removed.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. Exploitation is remote and requires only a crafted HTTP POST to an unauthenticated wp_ajax endpoint; no authentication, nonce, or permissions are needed. The endpoint is publicly reachable, making bypass trivial for malicious actors. The absence of a KEV listing does not mitigate the risk; the vulnerability remains a viable exploit vector.

Generated by OpenCVE AI on May 27, 2026 at 08:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Login with NEAR plugin to a patched version, if one is available.
  • If no update is available, disable or remove the plugin entirely from the WordPress installation.
  • As a temporary workaround, restrict the ajaxLoginWithNear() endpoint to authenticated users by removing the wp_ajax_nopriv action or adding proper permission checks.

Generated by OpenCVE AI on May 27, 2026 at 08:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Learnnearclub
Learnnearclub login With Near
Wordpress
Wordpress wordpress
Vendors & Products Learnnearclub
Learnnearclub login With Near
Wordpress
Wordpress wordpress

Wed, 27 May 2026 06:30:00 +0000

Type Values Removed Values Added
Description The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered as a `wp_ajax_nopriv` action and therefore reachable by unauthenticated users — accepts an attacker-supplied `account` POST parameter and issues a valid WordPress authentication cookie based solely on a substring check for `.near`, with no nonce verification, cryptographic signature validation, challenge-response exchange, or any proof that the requester controls the corresponding NEAR wallet. This makes it possible for unauthenticated attackers to log in as any existing WordPress user, including administrators, whose email address matches the deterministic `<account>@near.org` pattern derived from the supplied `account` value. If no matching user exists, the handler automatically creates and authenticates a new WordPress account for the attacker-controlled identifier, providing a further avenue for unauthorized account creation.
Title Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Learnnearclub Login With Near
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-05-27T10:31:17.186Z

Reserved: 2026-05-19T13:27:21.764Z

Link: CVE-2026-8994

cve-icon Vulnrichment

Updated: 2026-05-27T10:31:12.694Z

cve-icon NVD

Status : Received

Published: 2026-05-27T07:16:18.917

Modified: 2026-05-27T07:16:18.917

Link: CVE-2026-8994

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T10:06:47Z

Weaknesses