This vulnerability in PublishPress Revisions (<= 3.7.23) arises from improper neutralization of special elements in SQL commands, enabling Blind SQL Injection attacks. An attacker can exploit this remotely without authentication or user interaction, potentially leading to high confidentiality impact and partial availability impact. The CVSS 3.1 vector indicates network attack vector, low complexity, no privileges required, and scope change. No official patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation can lead to unauthorized disclosure of sensitive information from the database (high confidentiality impact) and partial disruption of service (low availability impact). Integrity impact is not indicated. The vulnerability can be triggered remotely without authentication, increasing risk. No known exploits have been reported so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting access to the affected plugin functionality or applying web application firewall (WAF) rules to detect and block SQL injection attempts targeting PublishPress Revisions. Monitor vendor channels for updates.