9.8
CVE-2024-9822
- EPSS 0.91%
- Veröffentlicht 11.10.2024 03:15:10
- Zuletzt bearbeitet 15.11.2024 16:41:41
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPedalo Connector <= 2.0.5 - Authentication Bypass to Administrator
Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.
Mögliche Gegenmaßnahme
Pedalo Connector: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pedalo ≫ Pedalo Connector SwPlatformwordpress Version <= 2.0.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Pedalo Connector
Version
*-2.0.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.91% | 0.551 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
https://plugins.trac.wordpress.org/browser/pedalo-connector/tags/2.0.5/public/class-pedalo_connector-public.php#L118
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab0d342-bfa7-4760-b839-37c3354414ca?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab0d342-bfa7-4760-b839-37c3354414ca