Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through <= 3.7.23.
Published: 2026-03-25
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Critical SQL Injection allowing data exfiltration or modification
Action: Immediate Patch
AI Analysis

Impact

The PublishPress Revisions plugin contains an SQL injection vulnerability caused by improper neutralization of special elements used in a SQL command. The flaw permits blind SQL injection, enabling an attacker to tamper with or retrieve data in the WordPress database. This could lead to unauthorized data disclosure, integrity compromise, or, depending on the database user, potential escalation of privileges.

Affected Systems

All versions of PublishPress Revisions up to and including 3.7.23 are vulnerable. Users running any of these WordPress plugin versions are at risk if their sites are exposed to the web.

Risk and Exploitability

This vulnerability carries a CVSS score of 9.3, indicating critical severity. The EPSS score is unavailable, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a web-based attack in which a malicious user posts crafted input through the plugin’s interface, triggering blind SQL injection. Given the high CVSS score, the risk is significant if exploitation occurs.

Generated by OpenCVE AI on March 25, 2026 at 22:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to PublishPress Revisions version 3.7.24 or newer.
  • If an update is not immediately available, disable the plugin until a patch can be applied.

Generated by OpenCVE AI on March 25, 2026 at 22:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Publishpress
Publishpress publishpress Revisions
Wordpress
Wordpress wordpress
Vendors & Products Publishpress
Publishpress publishpress Revisions
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through <= 3.7.23.
Title WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability
Weaknesses CWE-89
References

Subscriptions

Publishpress Publishpress Revisions
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-25T20:06:32.221Z

Reserved: 2026-03-12T11:12:34.192Z

Link: CVE-2026-32539

cve-icon Vulnrichment

Updated: 2026-03-25T20:03:58.060Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T17:17:07.703

Modified: 2026-03-30T13:27:12.923

Link: CVE-2026-32539

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:12:14Z

Weaknesses