The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.
References
Configurations
No configuration.
History
15 Oct 2024, 12:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Oct 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-11 03:15
Updated : 2024-10-15 12:58
NVD link : CVE-2024-9822
Mitre link : CVE-2024-9822
CVE.ORG link : CVE-2024-9822
JSON object : View
Products Affected
No product.
CWE
CWE-288
Authentication Bypass Using an Alternate Path or Channel