CVE-2024-10002
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with...
CVE-2024-10002
CVE-2024-10002 — Rover IDX WordPress plugin: Authentication bypass in versions up to and including 3.0.0.2905 due to insufficient validation in rover_idx_refresh_social_callback, allowing authenticated users with subscriber-level permissions and above to log in as an administrator. Wordfence rep...
WordPress Rover IDX plugin <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator vulnerability
Authenticated Subscriber+ Authentication Bypass to Administrator vulnerability discovered by István Márton in WordPress Plugin Rover IDX versions <= 3.0.0.2905...
PT-2024-15967 · WordPress · Rover Idx Plugin
Name of the Vulnerable Software and Affected Versions: Rover IDX plugin for WordPress versions up to and including 3.0.0.2905. Description: The issue arises from insufficient validation and capability check on the rover_idx_refresh_social_callback function, allowing authenticated attackers with...
WordPress Rover IDX Plugin <= 3.0.0.2905 is vulnerable to Privilege Escalation
Software: Rover IDX; Type: Plugin; Vulnerable versions: <= 3.0.0.2905; Fixed in: 3.0.0.2906; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-10002; Patch priority: High; CVSS severity: High 8.8; PSID: 08b7032800d8; Credits...