Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-32855

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00535EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:40 a.m.7 views

CVE-2024-10003

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...

6.3CVSS6.5AI score0.00418EPSS
Exploits0References1
OSV
OSV
added 2024/10/22 5:15 a.m.5 views

CVE-2024-10003

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...

6.3CVSS5.8AI score0.00418EPSS
Exploits0References9
NVD
NVD
added 2024/10/22 5:15 a.m.16 views

CVE-2024-10003

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...

6.3CVSS0.00418EPSS
Exploits0References9
NVD
NVD
added 2024/10/22 5:15 a.m.41 views

CVE-2024-10002

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...

8.8CVSS0.00535EPSS
Exploits0References4
OSV
OSV
added 2024/10/22 5:15 a.m.4 views

CVE-2024-10002

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00535EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/22 4:31 a.m.14 views

CVE-2024-10003 Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...

6.3CVSS6.8AI score0.00418EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/10/22 4:31 a.m.23 views

CVE-2024-10003 Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...

6.3CVSS0.00418EPSS
Exploits0References9
CVE
CVE
added 2024/10/22 4:31 a.m.54 views

CVE-2024-10003

CVE-2024-10003 (Rover IDX for WordPress) affects Rover IDX plugin, versions up to 3.0.0.2903. Root cause is a missing capability check on multiple functions, enabling authenticated attackers with subscriber-level access or higher to add, modify, or delete plugin options, potentially leading to un...

6.3CVSS6.3AI score0.00418EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2024/10/22 4:31 a.m.35 views

CVE-2024-10002 Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...

8.8CVSS0.00535EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/22 4:31 a.m.13 views

CVE-2024-10002 Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...

8.8CVSS6.8AI score0.00535EPSS
Exploits0References4
CVE
CVE
added 2024/10/22 4:31 a.m.65 views

CVE-2024-10002

CVE-2024-10002 — Rover IDX WordPress plugin : Authentication bypass in versions up to and including 3.0.0.2905 due to insufficient validation in rover_idx_refresh_social_callback, allowing authenticated users with subscriber-level permissions and above to log in as an administrator. Wordfence rep...

8.8CVSS8.5AI score0.00535EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/10/22 12:0 a.m.3 views

WordPress plugin Rover IDX 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.3CVSS6.6AI score0.00418EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/10/22 12:0 a.m.6 views

PT-2024-15968 · WordPress · Rover Idx Plugin

Name of the Vulnerable Software and Affected Versions: Rover IDX plugin for WordPress versions up to, and including, 3.0.0.2903 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This makes it possible for...

6.3CVSS6.6AI score0.00418EPSS
Exploits0References14
Patchstack
Patchstack
added 2024/10/21 7:14 p.m.5 views

WordPress Rover IDX plugin <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator vulnerability

Authenticated Subscriber+ Authentication Bypass to Administrator vulnerability discovered by István Márton in WordPress Plugin Rover IDX versions = 3.0.0.2905...

8.8CVSS7AI score0.00535EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/21 7:8 p.m.4 views

WordPress Rover IDX plugin <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions vulnerability

Authenticated Subscriber+ Missing Authorization via Multiple Functions vulnerability discovered by István Márton in WordPress Plugin Rover IDX versions = 3.0.0.2903...

6.3CVSS7AI score0.00418EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/21 12:0 a.m.10 views

WordPress Rover IDX Plugin <= 3.0.0.2903 is vulnerable to Broken Access Control

Software Rover IDX Type Plugin Vulnerable versions = 3.0.0.2903 Fixed in 3.0.0.2905 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10003 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2b090aab193c Credits István Márton Required...

6.3CVSS6.5AI score0.00418EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/21 12:0 a.m.12 views

WordPress Rover IDX Plugin <= 3.0.0.2905 is vulnerable to Privilege Escalation

Software Rover IDX Type Plugin Vulnerable versions = 3.0.0.2905 Fixed in 3.0.0.2906 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-10002 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 08b7032800d8 Credits...

8.8CVSS6.5AI score0.00535EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/21 12:0 a.m.7 views

PT-2024-15967 · WordPress · Rover Idx Plugin

Name of the Vulnerable Software and Affected Versions: Rover IDX plugin for WordPress versions up to and including 3.0.0.2905 Description: The issue arises from insufficient validation and capability check on the rover idx refresh social callback function, allowing authenticated attackers with...

8.8CVSS6.7AI score0.00535EPSS
Exploits0References11
Rows per page
Query Builder