CVE-2024-10003

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options.
Configurations

Configuration 1 (hide)

cpe:2.3:a:roveridx:rover_idx:*:*:*:*:*:wordpress:*:*

History

25 Oct 2024, 21:19

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L120 - () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L120 - Product
References () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L152 - () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L152 - Product
References () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L199 - () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L199 - Product
References () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L225 - () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L225 - Product
References () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L240 - () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L240 - Product
References () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L270 - () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L270 - Product
References () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L76 - () https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L76 - Product
References () https://plugins.trac.wordpress.org/changeset/3171681/rover-idx - () https://plugins.trac.wordpress.org/changeset/3171681/rover-idx - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/cdf67099-5514-45ba-9a4c-10af984bf593?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/cdf67099-5514-45ba-9a4c-10af984bf593?source=cve - Third Party Advisory
First Time Roveridx
Roveridx rover Idx
CPE cpe:2.3:a:roveridx:rover_idx:*:*:*:*:*:wordpress:*:*

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) El complemento Rover IDX para WordPress es vulnerable al acceso no autorizado, la modificación y la pérdida de datos debido a la falta de una comprobación de capacidad en varias funciones en todas las versiones hasta la 3.0.0.2903 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, agreguen, modifiquen o eliminen opciones del complemento.

22 Oct 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-22 05:15

Updated : 2024-10-25 21:19


NVD link : CVE-2024-10003

Mitre link : CVE-2024-10003

CVE.ORG link : CVE-2024-10003


JSON object : View

Products Affected

roveridx

  • rover_idx
CWE
CWE-862

Missing Authorization