Lucene search
K

4 matches found

NVD
NVD
added 2024/10/22 5:15 a.m.41 views

CVE-2024-10002

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...

8.8CVSS0.00535EPSS
Exploits0References4
OSV
OSV
added 2024/10/22 5:15 a.m.4 views

CVE-2024-10002

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00535EPSS
Exploits0References4
CVE
CVE
added 2024/10/22 4:31 a.m.67 views

CVE-2024-10002

CVE-2024-10002 — Rover IDX WordPress plugin : Authentication bypass in versions up to and including 3.0.0.2905 due to insufficient validation in rover_idx_refresh_social_callback, allowing authenticated users with subscriber-level permissions and above to log in as an administrator. Wordfence rep...

8.8CVSS8.5AI score0.00535EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/21 12:0 a.m.8 views

PT-2024-15967 · WordPress · Rover Idx Plugin

Name of the Vulnerable Software and Affected Versions: Rover IDX plugin for WordPress versions up to and including 3.0.0.2905 Description: The issue arises from insufficient validation and capability check on the rover idx refresh social callback function, allowing authenticated attackers with...

8.8CVSS6.7AI score0.00535EPSS
Exploits0References11
Rows per page
Query Builder