Unknown File Upload Vulnerability in Revy Allows Web Shell Upload to Web Server
CVE-2024-54214

10CRITICAL

Key Information:

Vendor: WordPress
Status: Revy
Vendor: CVE Published:; 6 December 2024

Summary

The Roninwp Revy Plugin for WordPress presents a significant security risk due to an unrestricted upload of files with dangerous types. This vulnerability allows attackers to upload a malicious web shell to the server, compromising site security. The issue is prevalent in Revy versions from n/a up to 1.18. Website administrators using this plugin must act swiftly to mitigate potential threats by implementing the necessary updates and security measures.

Affected Version(s)

Revy <= 1.18

References

https://patchstack.com/database/wordpress/plugin/revy/vul...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

Dave Jong (Patchstack)