6.5
CVE-2021-24894
- EPSS 1.43%
- Veröffentlicht 23.11.2021 20:15:10
- Zuletzt bearbeitet 21.11.2024 05:53:57
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginReviews Plus < 1.2.14 - Subscriber+ Reviews DoS
Reviews Plus < 1.2.14 - Denial of Service
The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page
Mögliche Gegenmaßnahme
Reviews Plus: Update to version 1.2.15, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Implecode ≫ Reviews Plus SwPlatformwordpress Version < 1.2.14
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Reviews Plus
Version
[*, 1.2.14)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.43% | 0.696 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
CWE-191 Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://plugins.trac.wordpress.org/changeset/2618234
https://wpscan.com/vulnerability/79bb5acb-ea56-41a9-83a1-28a181ae41e2
https://www.wordfence.com/threat-intel/vulnerabilities/id/52fb128f-d846-478e-bf9a-cbc3fe8ce89d