Логотип exploitDog
bind:CVE-2024-9822
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2024-9822

Количество 2

Количество 2

nvd логотип

CVE-2024-9822

10 месяцев назад

The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-242h-xpv3-fj4h

10 месяцев назад

The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.

CVSS3: 9.8
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2024-9822

The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.

CVSS3: 9.8
15%
Средний
10 месяцев назад
github логотип
GHSA-242h-xpv3-fj4h

The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.

CVSS3: 9.8
15%
Средний
10 месяцев назад

Уязвимостей на страницу