Description
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
Remediation
References
Related Vulnerabilities
WordPress Plugin Store Locator Plus for WordPress Privilege Escalation (5.5.14)
WordPress Plugin Project Supremacy V3 Lite Cross-Site Scripting (1.1)
WordPress Plugin JSM file_get_contents() Shortcode Server-Side Request Forgery (2.7.0)
IBMHttpServer Improper Input Validation Vulnerability (CVE-2023-26281)