3 matches found
CVE-2024-10002 Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...
CVE-2024-10002 Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...
WordPress Rover IDX Plugin <= 3.0.0.2905 is vulnerable to Privilege Escalation
Software Rover IDX Type Plugin Vulnerable versions = 3.0.0.2905 Fixed in 3.0.0.2906 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-10002 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 08b7032800d8 Credits...