The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.
References
Configurations
No configuration.
History
22 Oct 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-22 05:15
Updated : 2024-10-22 05:15
NVD link : CVE-2024-10002
Mitre link : CVE-2024-10002
CVE.ORG link : CVE-2024-10002
JSON object : View
Products Affected
No product.
CWE
CWE-288
Authentication Bypass Using an Alternate Path or Channel