CVE-2021-24894 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
WPScan	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Vendor	Product	Version
implecode	reviews_plus	𝑥 < 1.2.14

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://plugins.trac.wordpress.org/changeset/2618234

https://wpscan.com/vulnerability/79bb5acb-ea56-41a9-83a1-28a181ae41e2

https://plugins.trac.wordpress.org/changeset/2618234

https://wpscan.com/vulnerability/79bb5acb-ea56-41a9-83a1-28a181ae41e2