The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.
References
Configurations
History
15 Nov 2024, 16:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:pedalo:pedalo_connector:*:*:*:*:*:wordpress:*:* | |
First Time |
Pedalo pedalo Connector
Pedalo |
|
References | () https://plugins.trac.wordpress.org/browser/pedalo-connector/tags/2.0.5/public/class-pedalo_connector-public.php#L118 - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab0d342-bfa7-4760-b839-37c3354414ca?source=cve - Third Party Advisory |
15 Oct 2024, 12:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Oct 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-11 03:15
Updated : 2024-11-15 16:41
NVD link : CVE-2024-9822
Mitre link : CVE-2024-9822
CVE.ORG link : CVE-2024-9822
JSON object : View
Products Affected
pedalo
- pedalo_connector
CWE
CWE-288
Authentication Bypass Using an Alternate Path or Channel