CVE-2024-9822

Summary

CVE-2024-9822 identifies a critical vulnerability in the Pedalo Connector plugin for WordPress, affecting versions up to 2.0.5, which allows unauthenticated attackers to bypass authentication and potentially gain access to the administrator account. This flaw arises from insufficient restrictions on the 'login_admin_user' function, posing significant risks such as high confidentiality and integrity impacts, as well as potential loss of availability. Organizations using affected products should immediately update the plugin to version 2.0.6 or later to remediate this issue. With an exploitability score of 3.9 and a base severity rating of 9.8, this vulnerability can be exploited over the network with no privileges or user interaction required. Failure to address this vulnerability could result in unauthorized access and control over sensitive information and administrative capabilities within affected WordPress installations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.