CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32822 – WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32822
22 Apr 2024 — Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4. Vulnerabilidad de autorización faltante en impleCode Reviews Plus. Este problema afecta a Reviews Plus: desde n/a hasta 1.3.4. The Reviews Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_hide_revs_translation_notice() function in versions up to, and including, 1.3.4. This makes it possible for authenticated attackers... • https://patchstack.com/database/vulnerability/reviews-plus/wordpress-reviews-plus-plugin-1-3-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24894 – Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS
https://notcve.org/view.php?id=CVE-2021-24894
25 Oct 2021 — The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page El plugin Reviews Plus de WordPress versiones anteriores a 1.2.14, no comprueba la valoración enviada, permitiendo el envío de enteros largos, causando una Denegación de Servicio en la sección de valoraciones cuando un usuario autenti... • https://plugins.trac.wordpress.org/changeset/2618234 • CWE-20: Improper Input Validation CWE-191: Integer Underflow (Wrap or Wraparound) CWE-400: Uncontrolled Resource Consumption •