CVE-2024-10002 – The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up …

22 October 2024

Vuln ID: CVE-2024-10002

Published: 2024-10-22 05:15:03.513

Description: The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the ‘rover_idx_refresh_social_callback’ function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.

Base Score: 8.8 – HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Source: NVD.NIST.GOV

Date:

22 October 2024

Categorie(s):

NVD

Tag(s):

NVD

Boost Your Digital Security with a Reliable File Checker Tool22 October 2024
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability22 October 2024
Winnebago Public Schools Suffers Cyber Attack, Services Shut Down22 October 2024
Pixel perfect Ghostpulse malware loader hides inside PNG image files22 October 2024
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack22 October 2024