High severity8.8NVD Advisory· Published Oct 22, 2024· Updated Jun 17, 2026
CVE-2024-10002
CVE-2024-10002
Description
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/changeset/3173032/rover-idx/trunk/rover-social-common.phpnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/5cf6a9fb-3c3b-48ad-a39b-77a529b89901nvdThird Party Advisory
- plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-social.phpnvdProduct
- plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/rover-social-common.phpnvdProduct
News mentions
0No linked articles in our index yet.