Browse all 11 CVE security advisories affecting roninwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
RoninWP develops WordPress security plugins focused on protecting websites from common web vulnerabilities. Historically, the plugin has been associated with multiple security issues, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. With 11 CVEs recorded, these flaws often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure development practices. The plugin's core use case remains WordPress hardening, though its security track record indicates users should implement additional layers of protection and maintain regular updates to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-32924 | WordPress Revy plugin <= 2.1 - SQL Injection vulnerability — RevyCWE-89 | 8.5 | High | 2025-05-19 |
| CVE-2024-54215 | WordPress Revy plugin <= 1.18 - Unauthenticated SQL Injection vulnerability — RevyCWE-89 | 9.3 | Critical | 2024-12-09 |
| CVE-2024-54214 | WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability — RevyCWE-434 | 10.0 | Critical | 2024-12-06 |
This page lists every published CVE security advisory associated with roninwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.