CVE-2021-24894

Published: Nov 23, 2021Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page

Affected (1)

Products: Implecode: Reviews Plus

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Implecode Reviews Plus	Before 1.2.14

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://plugins.trac.wordpress.org/changeset/2618234

Source: contact@wpscan.com

PatchThird Party Advisory

https://wpscan.com/vulnerability/79bb5acb-ea56-41a9-83a1-28a181ae41e2

Source: contact@wpscan.com

ExploitThird Party Advisory

https://plugins.trac.wordpress.org/changeset/2618234

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://wpscan.com/vulnerability/79bb5acb-ea56-41a9-83a1-28a181ae41e2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.