CVE-2021-25121 – Rating by BestWebSoft < 1.6 - Rating Denial of Service
https://notcve.org/view.php?id=CVE-2021-25121
The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of a long integer, which causes a Denial of Service on the post/page when a user submits such a rating.
The Rating by BestWebSoft WordPress plugin through 1.5 does not validate the submitted rating, allowing submission of a long integer, which causes a Denial of Service on the post/page when a user submits such a rating.
• https://wpscan.com/vulnerability/efb1ddef-2123-416c-a932-856d41ed836d
• CWE-191: Integer Underflow (Wrap or Wraparound)
• CWE-400: Uncontrolled Resource Consumption
CVE-2017-18530 – Rating by BestWebSoft < 0.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18530
The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.
The Rating by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 0.2 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser, provided they can trick the victim into performing an action, such as clicking on a link.
• https://wordpress.org/plugins/rating-bws/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')