VYPR

Rover Idx

by WordPress

Source repositories

CVEs (2)

  • CVE-2024-10002HigOct 22, 2024
    risk 0.57cvss 8.8epss 0.01

    The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated…

  • CVE-2024-10003MedOct 22, 2024
    risk 0.34cvss 6.3epss 0.00

    The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with…