1 results (0.013 seconds)
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9822 – Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator
https://notcve.org/view.php?id=CVE-2024-9822
10 Oct 2024 — The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator. • https://github.com/RandomRobbieBF/CVE-2024-9822 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •