
CVE-2024-54214 – WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54214
02 Dec 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through 1.18. Unrestricted Upload of File with Dangerous Type vulnerability in Roninwp Revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through 1.18. The Revy plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.18. This makes it possible fo... • https://patchstack.com/database/wordpress/plugin/revy/vulnerability/wordpress-revy-plugin-1-18-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2024-54215 – WordPress Revy plugin <= 1.18 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-54215
02 Dec 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Envato Security Team Revy. This issue affects Revy: from n/a through 1.18. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roninwp Revy. This issue affects Revy: from n/a through 1.18. The Revy plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.18 due to insufficient escaping on the user-supplied parameter and lack of s... • https://patchstack.com/database/wordpress/plugin/revy/vulnerability/wordpress-revy-plugin-1-18-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')