WordPress Plugin: reviews-plus: CVE-2021-24894: Uncontrolled Resource Consumption
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Oct 25, 2021 | May 15, 2025 | May 15, 2025 |
Description
The Reviews Plus plugin for WordPress is vulnerable to denial of service in versions before 1.2.14. The issue affects an unknown part of the post/page file in the Rating Submission Handler component, where manipulation with an unknown input leads to a denial of service. Exploitation requires authentication: when an authenticated user submits such a rating and reviews are set to be displayed on the post/page, the review section suffers a denial of service.
Solution
reviews-plus-plugin-cve-2021-24894
