What the vulnerability does
01Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy.This issue affects Revy: from n/a through <= 1.18.
CVE-2024-54215
CRITICAL
CVE-2024-54215: WordPress Revy plugin <= 1.18 - Unauthenticated SQL Injection vulnerability
CVSS base score
9.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Key dates
02Disclosure timeline
December 9, 2024
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-20003
CVE-2025-14207 tushar-2223 Hotel-Management-System invoiceprint.php sql injection
CVE-2026-7046 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.12 - Authenticated (Administrator+) SQL Injection via 'table' Parameter
CVE-2026-8133 zyx0814 FilePress Shares Filelist API admin.php sql injection
CVE-2024-2676 Campcodes Online Job Finder System controller.php sql injection
