Vendor
The DoLogin Security plugin for WordPress, in all versions up to and including 4.3, is vulnerable to authentication bypass (CVE-2026-14495) due to insufficient randomness in magic-link token generation, allowing unauthenticated attackers to brute-force and reconstruct valid passwordless login tokens for any user, including administrators, and gain full control.