Vulnerability Details CVE-2024-10002
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.9%
CVSS Severity
CVSS v3 Score 8.8
References
- https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-social.php#L153
- https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/rover-social-common.php#L148
- https://plugins.trac.wordpress.org/changeset/3173032/rover-idx/trunk/rover-social-common.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6a9fb-3c3b-48ad-a39b-77a529b89901?source=cve
Products affected by CVE-2024-10002
-
cpe:2.3:a:roveridx:rover_idx:-
-
cpe:2.3:a:roveridx:rover_idx:1.2.6.1606
-
cpe:2.3:a:roveridx:rover_idx:2.0
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1273
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1302
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1304
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1306
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1307
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1308
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1309
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1310
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1311
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1312
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1313
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1314
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1315
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1316
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1317
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1318
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1323
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1324
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1325
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1326
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1327
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1328
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1329
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1330
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1331
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1332
-
cpe:2.3:a:roveridx:rover_idx:2.0.0.1333
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.1746
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.1747
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.1748
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.1749
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.1755
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.1971
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.1978
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.1979
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.1985
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2027
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2034
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2041
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2042
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2043
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2080
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2105
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2192
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2229
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2283
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2292
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2293
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2294
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2300
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2324
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2326
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2327
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2328
-
cpe:2.3:a:roveridx:rover_idx:2.1.0.2329
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.1859
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.1860
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.1861
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2024
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2028
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2053
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2057
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2095
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2133
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2140
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2193
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2214
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2215
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2235
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2243
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2244
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2349
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2350
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2352
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2353
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2363
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2371
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2379
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2385
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2386
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2387
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2390
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2392
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2397
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2400
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2480
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2527
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2528
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2529
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2530
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2531
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2561
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2603
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2604
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2605
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2611
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2613
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2615
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2616
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2619
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2626
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2627
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2647
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2654
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2660
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2661
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2717
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2731
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2771
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2772
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2793
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2806
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2807
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2815
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2827
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2828
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2859
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2860
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2903
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2904
-
cpe:2.3:a:roveridx:rover_idx:3.0.0.2905