CVE-2024-10002

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.
Configurations

Configuration 1 (hide)

cpe:2.3:a:roveridx:rover_idx:*:*:*:*:*:wordpress:*:*

History

25 Oct 2024, 21:20

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-social.php#L153 - () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-social.php#L153 - Product
References () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/rover-social-common.php#L148 - () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/rover-social-common.php#L148 - Product
References () https://plugins.trac.wordpress.org/changeset/3173032/rover-idx/trunk/rover-social-common.php - () https://plugins.trac.wordpress.org/changeset/3173032/rover-idx/trunk/rover-social-common.php - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6a9fb-3c3b-48ad-a39b-77a529b89901?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6a9fb-3c3b-48ad-a39b-77a529b89901?source=cve - Third Party Advisory
CWE CWE-306
CPE cpe:2.3:a:roveridx:rover_idx:*:*:*:*:*:wordpress:*:*
First Time Roveridx
Roveridx rover Idx

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) El complemento Rover IDX para WordPress es vulnerable a la omisión de autenticación en versiones hasta la 3.0.0.2905 incluida. Esto se debe a una validación y comprobación de capacidad insuficientes en la función 'rover_idx_refresh_social_callback'. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, inicien sesión en el administrador. La vulnerabilidad está parcialmente corregida en la versión 3.0.0.2905 y completamente corregida en la versión 3.0.0.2906.

22 Oct 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-22 05:15

Updated : 2024-10-25 21:20


NVD link : CVE-2024-10002

Mitre link : CVE-2024-10002

CVE.ORG link : CVE-2024-10002


JSON object : View

Products Affected

roveridx

  • rover_idx
CWE
CWE-306

Missing Authentication for Critical Function

CWE-288

Authentication Bypass Using an Alternate Path or Channel