
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-24893 is a vulnerability affecting the Stars Rating WordPress plugin versions below 3.5.1. The vulnerability was discovered by Drew Jones and was publicly disclosed on December 6, 2021. This security issue affects the comments functionality of the WordPress plugin, potentially leading to denial of service conditions (WPScan).
The vulnerability stems from improper input validation in the Stars Rating plugin. Specifically, the plugin fails to validate the submitted rating parameter, allowing attackers to submit extremely large integer values. This vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption) (NVD Report).
When exploited, this vulnerability causes a Denial of Service (DoS) in two scenarios: a submission from an unauthenticated user breaks the pending-comments dashboard, while a submission from an authenticated user prevents the post's comment section from loading, producing memory exhaustion errors. The error manifests as 'Allowed memory size of 268435456 bytes exhausted' in the stars-rating-public.php file (WPScan).
The vulnerability has been fixed in version 3.5.1 of the Stars Rating plugin. Website administrators running affected versions should update to version 3.5.1 or later to mitigate this vulnerability (WPScan).
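The root cause described above is an unbounded integer accepted from the request. The following is an added example, not code from the Stars Rating plugin or from WPScan, showing the defensive pattern a plugin should apply: validate the rating as an integer inside a fixed range before it is stored or rendered, so the amount of work and memory spent on it is bounded by a constant. The function names, the 1..5 range, and the sample inputs are all assumptions constructed for the illustration.

```php
<?php
// Added example (not the plugin's own code): bound a user-supplied rating
// before it is stored or rendered. Function names are hypothetical, and the
// 1..5 range is an assumption about what a star rating should accept.

declare(strict_types=1);

const STARS_RATING_MIN = 1;
const STARS_RATING_MAX = 5;

/**
 * Return the rating as an int in [STARS_RATING_MIN, STARS_RATING_MAX], or
 * null when the raw request value is not an integer in that range.
 *
 * FILTER_VALIDATE_INT rejects non-numeric strings, decimals, strings with
 * surrounding junk, arrays, and any value that does not fit in a PHP int
 * (so an oversized digit string is rejected rather than silently converted);
 * min_range/max_range reject integers outside the allowed band.
 */
function stars_rating_validate($raw): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => [
            'min_range' => STARS_RATING_MIN,
            'max_range' => STARS_RATING_MAX,
        ],
    ]);
    return $value === false ? null : $value;
}

/**
 * Render a rating as filled/empty stars. Only an already-validated int is
 * accepted, so the output length is bounded by STARS_RATING_MAX regardless
 * of what the client sent.
 */
function stars_rating_render(int $rating): string
{
    if ($rating < STARS_RATING_MIN || $rating > STARS_RATING_MAX) {
        throw new InvalidArgumentException('rating must pass stars_rating_validate() first');
    }
    return str_repeat('&#9733;', $rating)
         . str_repeat('&#9734;', STARS_RATING_MAX - $rating);
}

// Constructed sample inputs standing in for raw $_POST['rating'] values.
$samples = ['4', '5', 3, '0', '6', '3.7', '-1', '99999999999999999999999', 'abc', '', ['4']];
foreach ($samples as $s) {
    $v = stars_rating_validate($s);
    printf("%-30s => %s\n", var_export($s, true), $v === null ? 'rejected' : stars_rating_render($v));
}
```

Run it with `php example.php`: the in-range values render a bounded string of five glyphs, and every other input ('0', '6', a decimal, a negative, an oversized digit string, text, an empty string, an array) is rejected before any rendering or storage code sees it. The important property is that the expensive step never receives an unchecked integer; a cast such as `(int) $_POST['rating']` alone would not provide that, because it still admits arbitrarily large values.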
Source: This report was generated using AI