19 matches found
EUVD-2024-32855
Malicious code in bioql PyPI...
CVE-2024-10003
The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10003
The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10003
The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10002
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...
CVE-2024-10002
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...
CVE-2024-10003 Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions
The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10003 Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions
The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10003
CVE-2024-10003 (Rover IDX for WordPress) affects Rover IDX plugin, versions up to 3.0.0.2903. Root cause is a missing capability check on multiple functions, enabling authenticated attackers with subscriber-level access or higher to add, modify, or delete plugin options, potentially leading to un...
CVE-2024-10002 Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...
CVE-2024-10002 Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...
CVE-2024-10002
CVE-2024-10002 — Rover IDX WordPress plugin : Authentication bypass in versions up to and including 3.0.0.2905 due to insufficient validation in rover_idx_refresh_social_callback, allowing authenticated users with subscriber-level permissions and above to log in as an administrator. Wordfence rep...
WordPress plugin Rover IDX 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-15968 · WordPress · Rover Idx Plugin
Name of the Vulnerable Software and Affected Versions: Rover IDX plugin for WordPress versions up to, and including, 3.0.0.2903 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This makes it possible for...
WordPress Rover IDX plugin <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator vulnerability
Authenticated Subscriber+ Authentication Bypass to Administrator vulnerability discovered by István Márton in WordPress Plugin Rover IDX versions = 3.0.0.2905...
WordPress Rover IDX plugin <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions vulnerability
Authenticated Subscriber+ Missing Authorization via Multiple Functions vulnerability discovered by István Márton in WordPress Plugin Rover IDX versions = 3.0.0.2903...
WordPress Rover IDX Plugin <= 3.0.0.2903 is vulnerable to Broken Access Control
Software Rover IDX Type Plugin Vulnerable versions = 3.0.0.2903 Fixed in 3.0.0.2905 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10003 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2b090aab193c Credits István Márton Required...
WordPress Rover IDX Plugin <= 3.0.0.2905 is vulnerable to Privilege Escalation
Software Rover IDX Type Plugin Vulnerable versions = 3.0.0.2905 Fixed in 3.0.0.2906 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-10002 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 08b7032800d8 Credits...
PT-2024-15967 · WordPress · Rover Idx Plugin
Name of the Vulnerable Software and Affected Versions: Rover IDX plugin for WordPress versions up to and including 3.0.0.2905 Description: The issue arises from insufficient validation and capability check on the rover idx refresh social callback function, allowing authenticated attackers with...