
40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover

ID: e93e9680-d7ca-5fbc-b676-c6814a155660

STIX ID: report--e93e9680-d7ca-5fbc-b676-c6814a155660

Feed Name: securityonline.info

Threat Score: 90/100

Date Published: 2026-05-02

Date Updated: 2026-05-02

Author: Ddos

...
...

**Critical authentication bypass in Temporary Login (CVE-2026-7567, CVSS 9.8):** a flaw in the plugin's `maybe_login_temporary_user()` handling of the `temp-login-token` parameter allows an attacker to pass an array instead of a scalar, causing sanitization and metadata lookup failures that permit unauthenticated administrative login. Users are advised to upgrade to version 1.1.0 or later.
