CVE-2024-10002

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: Oct 22, 2024 / Updated: 29d ago

CVSS 8.8 / EPSS 0.07% / High

Summary

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. The vulnerability is caused by an insufficient validation and capability check in the 'rover_idx_refresh_social_callback' function. As a result, authenticated attackers with subscriber-level permissions and above can potentially log in as an administrator.

Impact

This vulnerability allows authenticated users with low-level permissions (subscriber and above) to escalate their privileges to administrator level. This can lead to unauthorized access to sensitive WordPress site settings, user data, and potentially the ability to modify or delete content, install malicious plugins, or compromise the entire website. The high impact on confidentiality, integrity, and availability (all rated as HIGH in the CVSS score) indicates that this vulnerability can have severe consequences for affected WordPress sites. The CVSS base score of 8.8 (out of 10) indicates a high severity level, emphasizing the urgency for patching.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A partial patch is available in version 3.0.0.2905 of the Rover IDX plugin. However, for complete remediation, users should upgrade to version 3.0.0.2906, which fully addresses the vulnerability.

Mitigation

1. Immediately update the Rover IDX plugin to version 3.0.0.2906 or later.
2. If immediate updating is not possible, consider temporarily disabling the Rover IDX plugin until the update can be applied.
3. Conduct a thorough review of user accounts and their permissions, particularly focusing on any suspicious activities from low-privileged users.
4. Implement the principle of least privilege for all user accounts.
5. Monitor WordPress admin access logs for any unusual login patterns or activities.
6. Consider implementing additional security measures such as two-factor authentication for administrative accounts.
7. Regularly update all WordPress core files, themes, and plugins to their latest versions to prevent similar vulnerabilities.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-10002. See article

Oct 22, 2024 at 4:38 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 22, 2024 at 4:39 AM
CVE Assignment

NVD published the first details for CVE-2024-10002

Oct 22, 2024 at 5:15 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Oct 22, 2024 at 5:15 AM / nvd
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 22, 2024 at 5:35 AM
EPSS

EPSS Score was set to: 0.07% (Percentile: 30.2%)

Oct 22, 2024 at 10:06 AM
Threat Intelligence Report

CVE-2024-10002 is a critical vulnerability in the Rover IDX plugin for WordPress, with a CVSS score of 8.8, allowing authenticated users with low-level permissions to escalate their privileges to administrator level. Currently, there is no evidence of exploitation in the wild or public proof-of-concept exploits; however, a partial patch is available in version 3.0.0.2905, and users are advised to upgrade to version 3.0.0.2906 for complete remediation. Mitigations include immediate updates, disabling the plugin if necessary, and reviewing user permissions to prevent unauthorized access. See article

Oct 22, 2024 at 4:40 PM

Affected Systems

Roveridx/rover_idx

Patches

plugins.trac.wordpress.org

Links to MITRE ATT&CK

T1083: File and Directory Discovery

Attack Patterns

CAPEC-127: Directory Indexing

News

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week: WordPress Plugins with Reported Vulnerabilities Last Week
Update Sat Oct 26 14:31:44 UTC 2024
High - CVE-2024-10002 - The Rover IDX plugin for WordPress is...
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the...
CVE-2024-10002
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. Severity 3.1 (CVSS 3.1 Base Score)
Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator
Stevemullen - HIGH - CVE-2024-10002 The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
