Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-25121

Summary
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At-20 Jun, 2022 | 10:25
Updated At-03 Aug, 2024 | 19:56
Rejected At-
Credits

Rating by BestWebSoft < 1.6 - Rating Denial of Service

The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WPScan
Assigner Org ID:1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At:20 Jun, 2022 | 10:25
Updated At:03 Aug, 2024 | 19:56
Rejected At:
▼CVE Numbering Authority (CNA)
Rating by BestWebSoft < 1.6 - Rating Denial of Service

The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating

Affected Products
Vendor
Unknown
Product
Rating by BestWebSoft
Versions
Affected
  • From 1.6 before 1.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-191CWE-191 Integer Underflow (Wrap or Wraparound)
Type: CWE
CWE ID: CWE-191
Description: CWE-191 Integer Underflow (Wrap or Wraparound)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Drew Jones
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/efb1ddef-2123-416c-a932-856d41ed836d
x_refsource_MISC
Hyperlink: https://wpscan.com/vulnerability/efb1ddef-2123-416c-a932-856d41ed836d
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/efb1ddef-2123-416c-a932-856d41ed836d
x_refsource_MISC
x_transferred
Hyperlink: https://wpscan.com/vulnerability/efb1ddef-2123-416c-a932-856d41ed836d
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:contact@wpscan.com
Published At:20 Jun, 2022 | 11:15
Updated At:05 Nov, 2022 | 02:40

The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
BestWebSoft
bestwebsoft
>>rating>>Versions before 1.6(exclusive)
cpe:2.3:a:bestwebsoft:rating:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-191Primarycontact@wpscan.com
CWE-191Secondarynvd@nist.gov
CWE ID: CWE-191
Type: Primary
Source: contact@wpscan.com
CWE ID: CWE-191
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://wpscan.com/vulnerability/efb1ddef-2123-416c-a932-856d41ed836dcontact@wpscan.com
Exploit
Third Party Advisory
Hyperlink: https://wpscan.com/vulnerability/efb1ddef-2123-416c-a932-856d41ed836d
Source: contact@wpscan.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2022-3165
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-14 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.

Action-Not Available
Vendor-n/aFedora ProjectQEMU
Product-qemufedoraQEMU
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2022-21685
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.32%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 17:05
Updated-23 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer underflow in Frontier

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.

Action-Not Available
Vendor-parityparitytech
Product-frontierfrontier
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2021-41821
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.40%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 22:59
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.

Action-Not Available
Vendor-n/aWazuh, Inc.
Product-wazuhn/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2021-24894
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.03%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 19:16
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page

Action-Not Available
Vendor-implecodeUnknown
Product-reviews_plusReviews Plus
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-20
Improper Input Validation
CVE-2024-30011
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.08% / 86.24%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2022windows_server_2019windows_server_2012Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2Windows Server 2022Windows Server 2016Windows Server 2012
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
Details not found