WordPress Revy plugin <= 1.18 - Unauthenticated SQL Injection vulnerability
CVE-2024-54215

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Revy
Vendor: CVE Published:; 9 December 2024

Summary

The vulnerability in Roninwp's Revy plugin allows for improper neutralization of special elements used in SQL commands, resulting in possible SQL Injection attacks. This vulnerability impacts all versions of the Revy plugin from n/a through 1.18. Attackers could exploit this issue to execute arbitrary SQL commands, potentially compromising the underlying database. It is vital for users of the affected versions to apply security measures and updates promptly to mitigate risks associated with this vulnerability.

Affected Version(s)

Revy <= 1.18

References

https://patchstack.com/database/wordpress/plugin/revy/vul...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 9, 2024

Credit

Dave Jong (Patchstack)