CVE-2024-50490

CRITICAL

PegaPoll <= 1.0.2 - Missing Authorization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-50490. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary: This PoC demonstrates an unauthenticated arbitrary options update vulnerability in the PegaPoll WordPress plugin <= 1.0.2, allowing attackers to modify site options such as enabling user registration and setting default roles to administrator.

Description

Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects PegaPoll: from n/a through <= 1.0.2.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-50490


Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: PegaPoll WordPress plugin <= 1.0.2
No auth needed
Prerequisites: WordPress site with PegaPoll plugin <= 1.0.2 installed
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0095
EPSS Percentile 56.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE: CWE-862
Status published
Products (2)
lowcage/PegaPoll < 1.0.2
Szabolcs Szecsenyi/PegaPoll < 1.0.2
Published Oct 29, 2024
Tracked Since Feb 18, 2026