The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| revive | revive_old_posts | * |
The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| revive | adserver | 5.4.1 |