CVE-2024-10002

Sažetak

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.

Reference

https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-social.php#L153
https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/rover-social-common.php#L148
https://plugins.trac.wordpress.org/changeset/3173032/rover-idx/trunk/rover-social-common.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6a9fb-3c3b-48ad-a39b-77a529b89901?source=cve

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

25-10-2024 - 21:20

Objavljeno

22-10-2024 - 05:15