CVE-2024-10002

Published Oct 22, 2024

Last updated 23 days ago

Overview

Description
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability checking in the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as an administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.
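The weakness described above is the classic WordPress plugin mistake: an AJAX callback reachable by any logged-in user that performs a privileged action without a nonce or capability check. The following is an added illustration of the defensive pattern, not code from the Rover IDX plugin; the action name, nonce name, provider list and user-meta key are invented for the example.

```php
<?php
// Added example, not Rover IDX code: a hypothetical WordPress AJAX callback
// that performs the checks whose absence the advisory describes.
// 'my_plugin_refresh_social' and 'my_plugin_refresh_social_nonce' are assumed names.

add_action( 'wp_ajax_my_plugin_refresh_social', 'my_plugin_refresh_social_callback' );

function my_plugin_refresh_social_callback() {
    // 1. CSRF protection: the request must carry a nonce minted for this
    //    action (check_ajax_referer() dies with HTTP 403 if it is missing or stale).
    check_ajax_referer( 'my_plugin_refresh_social_nonce', 'nonce' );

    // 2. Capability check: a subscriber is authenticated but does not hold
    //    'manage_options', so the request stops here instead of proceeding.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Never derive the acting identity from request input. The handler acts
    //    as the user WordPress already authenticated and never calls
    //    wp_set_current_user() or wp_set_auth_cookie() for a caller-chosen account.
    $user_id = get_current_user_id();

    // 4. Validate and sanitize the remaining input against an allow-list.
    $provider = isset( $_POST['provider'] )
        ? sanitize_key( wp_unslash( $_POST['provider'] ) )
        : '';
    $allowed  = array( 'facebook', 'twitter' ); // assumed provider list
    if ( ! in_array( $provider, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown provider.' ), 400 );
    }

    // 5. Do the work scoped to the authenticated user only.
    update_user_meta( $user_id, 'my_plugin_' . $provider . '_last_refresh', time() );

    wp_send_json_success( array( 'user' => $user_id, 'provider' => $provider ) );
}
```

When auditing a plugin for this class of bug, look for every `wp_ajax_*` (and REST `permission_callback`) handler and confirm all three controls are present: a nonce check, a `current_user_can()` test against a capability appropriate to the action, and no identity or privilege taken from request parameters. The `wp_ajax_nopriv_*` variant of a hook exposes the handler to unauthenticated visitors and deserves the same scrutiny.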
Source
security@wordfence.com
NVD status
Analyzed

Risk scores

CVSS 3.1
Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-306 (Missing Authentication for Critical Function)
security@wordfence.com: CWE-288 (Authentication Bypass Using an Alternate Path or Channel)

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10002 (Published: 2024-10-22) - A high-severity vulnerability in WordPress plugin "rover-idx" affects versions prior to 3.0.0.2903. Ensure you update to the latest version to mitigate risks. For more details, check the code here: https://t.co/CJDjVkiSvg #WordPress… ht
     @transilienceai, 26 Oct 2024 (12 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)

  2. 🚨 CVE-2024-10002 (Published: 2024-10-22) - A high-severity vulnerability affects WordPress plugin Rover IDX. Versions exploited include 3.0.0.2903. 🛠️ Remediation: Update to the latest version to secure your site. For more details, check the code here: https://t.co/CJDjVkiSvg…
     @transilienceai, 26 Oct 2024 (10 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)

  3. 🚨 CVE-2024-10002 (Published: 2024-10-22) - High severity vulnerability in Rover IDX. Affects versions prior to 3.0.0.2903. Remediation: Update to the latest version to secure your site. More details: [Rover IDX Plugin](https://t.co/DhVD1LlSck) #WordPress #Security
     @transilienceai, 26 Oct 2024 (12 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)

  4. 🚨 CVE-2024-10002 (Published: 2024-10-22) - High severity vulnerability in Rover IDX versions prior to 3.0.0.2903. Exploitation can lead to serious security risks. 🛡️ Remediation: Update to the latest version immediately! More info: https://t.co/DhVD1LlSck #WordPress #Security
     @transilienceai, 26 Oct 2024 (16 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)

  5. 🚨 CVE-2024-10002 (Published: 2024-10-22) - High severity vulnerability in Rover IDX versions prior to 3.0.0.2903. Exploitation can lead to serious security risks. 🛡️ Update to the latest version to mitigate this issue. For more details, check the link: https://t.co/DhVD1LlSck…
     @transilienceai, 26 Oct 2024 (7 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)

  6. CVE-2024-10002 The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and cap… https://t.co/d5GjJgcm6Y
     @CVEnew, 22 Oct 2024 (92 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)

  7. [CVE-2024-10002: HIGH] Security alert: Rover IDX plugin in WordPress <=3.0.0.2905 is prone to Authentication Bypass. Attackers could access admin privileges. Update to >=3.0.0.2906 version to fix this vulnerability. #cybersecurity, #vulnerability https://t.co/FebWdE75lc https
     @CveFindCom, 22 Oct 2024 (38 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)

Configurations