WP-Safety

Revive Social – Social Media Auto Post and Scheduling Automation Plugin Security & Risk Analysis

wordpress.org/plugins/tweet-old-post

Automatically share your WordPress posts on multiple social networks like Facebook, X (Twitter), LinkedIn, Instagram and more.

20K active installs v9.3.4 PHP 7.4+ WP 4.7+ Updated Dec 10, 2025
auto-postsocial-media-automationsocial-media-schedulingsocial-media-sharing
95
A · Safe
CVEs total3
Unpatched0
Last CVEOct 14, 2025
Plugin page Download
Safety Verdict

Is Revive Social – Social Media Auto Post and Scheduling Automation Plugin Safe to Use in 2026?

Generally Safe

Score 95/100

Revive Social – Social Media Auto Post and Scheduling Automation Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Oct 14, 2025Updated 3mo ago
Risk Assessment

The "tweet-old-post" v9.3.4 plugin exhibits a mixed security posture. While it demonstrates strengths such as 100% prepared statement usage for SQL queries and a significant number of capability checks, several concerning areas are present. The static analysis reveals a notable attack surface with 3 AJAX handlers, one of which lacks authentication checks, presenting a direct entry point for potential unauthorized actions. Furthermore, the presence of 2 flows with unsanitized paths, although not rated as critical or high severity in the taint analysis, warrants attention as it could lead to unintended behavior or exploitation in specific scenarios. The plugin's vulnerability history is a significant concern, with 3 known CVEs, including one high severity vulnerability related to missing authorization and deserialization of untrusted data. The fact that these past vulnerabilities often involve authorization and deserialization, coupled with the current analysis finding an unprotected AJAX handler and potential unsanitized paths, suggests a recurring pattern of weaknesses in handling user input and access control. The plugin's reliance on the dangerous `unserialize` function also increases its attack surface for deserialization vulnerabilities, even if current taint analysis doesn't flag critical issues. Overall, while some good security practices are in place, the identified unprotected entry point, potential unsanitized paths, and a history of authorization and deserialization vulnerabilities indicate a moderate to high risk. Further investigation into the unprotected AJAX handler and unsanitized paths is crucial.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • High severity CVE in history
  • Medium severity CVEs in history
  • Use of dangerous unserialize function
  • Limited output escaping (71%)
Vulnerabilities
3

Revive Social – Social Media Auto Post and Scheduling Automation Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2015
2015
1 CVE in 2023
2023
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
2

3 total CVEs

CVE-2025-62954medium · 4.3Missing Authorization

Revive Old Posts <= 9.3.3 - Missing Authorization

Oct 14, 2025 Patched in 9.3.4 (25d)
CVE-2022-4680medium · 6.6Deserialization of Untrusted Data

Revive Old Posts <= 9.0.10 - Authenticated (Admin+) PHP Object Injection

Jan 4, 2023 Patched in 9.0.11 (384d)
WF-bb1742fd-7f0c-4a14-aa9c-f2863fcccd17-tweet-old-posthigh · 8.6Improper Authorization

Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 8.0.0 - Authorization Bypass

Feb 2, 2015 Patched in 8.0.0 (3277d)
Code Analysis
Analyzed Mar 16, 2026

Revive Social – Social Media Auto Post and Scheduling Automation Plugin Code Analysis

Dangerous Functions
10
Raw SQL Queries
0
10 prepared
Unescaped Output
27
66 escaped
Nonce Checks
5
Capability Checks
16
File Operations
7
External Requests
31
Bundled Libraries
0

Dangerous Functions Found

unserialize$page_data = unserialize( base64_decode( $pages_arr[ $i ] ) );includes\admin\services\class-rop-facebook-service.php:1065
unserialize'id' => unserialize( base64_decode( $account_data['id'] ) ),includes\admin\services\class-rop-facebook-service.php:1091
unserialize$the_id = unserialize( base64_decode( $accounts_data['id'] ) );includes\admin\services\class-rop-gmb-service.php:167
unserialize$accounts_array = unserialize( base64_decode( $accounts_data['pages'] ) );includes\admin\services\class-rop-gmb-service.php:168
unserialize$the_id = unserialize( base64_decode( $accounts_data['id'] ) );includes\admin\services\class-rop-linkedin-service.php:845
unserialize$accounts_array = unserialize( base64_decode( $accounts_data['pages'] ) );includes\admin\services\class-rop-linkedin-service.php:846
unserialize$the_id = unserialize( base64_decode( $account_data['id'] ) );includes\admin\services\class-rop-tumblr-service.php:662
unserialize$accounts_array = unserialize( base64_decode( $account_data['pages'] ) );includes\admin\services\class-rop-tumblr-service.php:663
unserialize$the_id = unserialize( base64_decode( $accounts_data['id'] ) );includes\admin\services\class-rop-vk-service.php:168
unserialize$accounts_array = unserialize( base64_decode( $accounts_data['pages'] ) );includes\admin\services\class-rop-vk-service.php:169

SQL Query Safety

100% prepared10 total queries

Output Escaping

71% escaped93 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
authorize (includes\admin\services\class-rop-linkedin-service.php:105)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Revive Social – Social Media Auto Post and Scheduling Automation Plugin Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 3

authwp_ajax_reset_local_auth_keycron-system\includes\class-debug-page.php:36
authwp_ajax_remove_remote_accountcron-system\includes\class-debug-page.php:39
authwp_ajax_rop_notice_dismissedincludes\class-rop.php:141

REST API Routes 2

GET/wp-json/tweet-old-post/v8/apiincludes\admin\class-rop-rest-api.php:52
GET/wp-json/tweet-old-post/v8/share/(?P<id>[a-zA-Z0-9_-]+)includes\admin\class-rop-rest-api.php:69
WordPress Hooks 68
actionrop_process_start_sharecron-system\class-rop-cron-core.php:39
actionrop_process_stop_sharecron-system\class-rop-cron-core.php:43
actionrop_process_update_share_timecron-system\class-rop-cron-core.php:47
actionrop_process_do_registercron-system\class-rop-cron-core.php:51
actioninitcron-system\class-rop-cron-core.php:55
actionadmin_menucron-system\includes\class-debug-page.php:31
actionadmin_enqueue_scriptscron-system\includes\class-debug-page.php:33
actionrest_api_initcron-system\rest-endpoints\class-rop-debug-ping.php:129
actionrest_api_initcron-system\rest-endpoints\class-rop-ping-system.php:158
actionrest_api_initcron-system\rest-endpoints\class-rop-registration-check.php:142
actionrest_api_initincludes\admin\abstract\class-rop-services-abstract.php:431
actionadmin_noticesincludes\admin\class-rop-admin.php:63
filterrop_pro_planincludes\admin\class-rop-admin.php:66
filterthemeisle_sdk_blackfriday_dataincludes\admin\class-rop-admin.php:73
actionadmin_footerincludes\admin\class-rop-admin.php:697
actionrest_api_initincludes\admin\class-rop-rest-api.php:49
actionrest_api_initincludes\admin\class-rop-rest-api.php:66
filterimage_downsizeincludes\admin\helpers\class-rop-post-format-helper.php:1021
filterimage_downsizeincludes\admin\services\class-rop-twitter-service.php:507
filterrop_available_servicesincludes\class-rop-i18n.php:47
actionplugins_loadedincludes\class-rop.php:113
filtertweet_old_post_pro_hide_license_fieldincludes\class-rop.php:131
filtertweet_old_post_pro_lc_no_valid_stringincludes\class-rop.php:132
actionadmin_initincludes\class-rop.php:143
actionadmin_headincludes\class-rop.php:144
actionadmin_initincludes\class-rop.php:145
actionadmin_noticesincludes\class-rop.php:146
actionadmin_noticesincludes\class-rop.php:147
actionadmin_initincludes\class-rop.php:149
actionadmin_noticesincludes\class-rop.php:150
actionadmin_noticesincludes\class-rop.php:151
actionadmin_initincludes\class-rop.php:152
actionadmin_noticesincludes\class-rop.php:153
actionadmin_initincludes\class-rop.php:154
actionadmin_enqueue_scriptsincludes\class-rop.php:155
actionadmin_enqueue_scriptsincludes\class-rop.php:156
actionadmin_headincludes\class-rop.php:157
actionadmin_enqueue_scriptsincludes\class-rop.php:158
actionadmin_print_footer_scriptsincludes\class-rop.php:159
actionadmin_menuincludes\class-rop.php:160
actionrop_cron_jobincludes\class-rop.php:161
actionrop_cron_job_onceincludes\class-rop.php:162
actionadmin_initincludes\class-rop.php:163
actionrop_cron_job_publish_nowincludes\class-rop.php:164
actionadd_meta_boxesincludes\class-rop.php:166
actionwp_after_insert_postincludes\class-rop.php:167
actiontransition_post_statusincludes\class-rop.php:168
actionrop_publish_now_instant_shareincludes\class-rop.php:169
filterrop_publish_now_attributesincludes\class-rop.php:170
actionwp_loadedincludes\class-rop.php:172
actionwp_loadedincludes\class-rop.php:174
filtertweet_old_post_feedback_review_messageincludes\class-rop.php:177
filtertweet_old_post_feedback_review_button_doincludes\class-rop.php:178
filtertweet_old_post_feedback_review_button_cancelincludes\class-rop.php:179
filtertweet-old-post_uninstall_feedback_iconincludes\class-rop.php:180
filtertweet-old-post_themeisle_sdk_disclosure_content_labelsincludes\class-rop.php:181
filtercron_schedulesincludes\class-rop.php:187
filterinitincludes\class-rop.php:192
actionadmin_noticestweet-old-post.php:40
actionadmin_inittweet-old-post.php:41
actionadmin_noticestweet-old-post.php:48
actionadmin_inittweet-old-post.php:49
actionadmin_noticestweet-old-post.php:88
actioninittweet-old-post.php:98
filtertweet_old_post_welcome_metadatatweet-old-post.php:201
filterthemeisle_sdk_productstweet-old-post.php:225
filtertweet_old_post_about_us_metadatatweet-old-post.php:234
filterthemeisle_sdk_enable_telemetrytweet-old-post.php:248
Maintenance & Trust

Revive Social – Social Media Auto Post and Scheduling Automation Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 10, 2025
PHP min version7.4
Downloads3.5M

Community Trust

Rating80/100
Number of ratings557
Active installs20K
Alternatives

Revive Social – Social Media Auto Post and Scheduling Automation Plugin Alternatives

Post to Social Media – WordPress to Hootsuite

Post to Social Media – WordPress to Hootsuite

wp-to-hootsuite

A
98

Automatically share WordPress Pages, Posts or Custom Post Types to Facebook, Twitter and LinkedIn using your Hootsuite (hootsuite.com) account.

300 2 CVEs
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media

Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media

evergreen-content-poster

A
96

Automatically share your best WordPress content (posts/pages/custom post types) to X (Twitter), Mastodon, Facebook, Instagram, Pinterest, LinkedIn and &hellip;

100 6 CVEs
Auto Post to Social Media from Social Champ

Auto Post to Social Media from Social Champ

auto-post-to-social-media-wp-to-social-champ

A
99

It sends WP Pages, Posts or Custom Post Types to your Social Champ (SocialChamp.com) account for immediate or scheduled publishing to social networks.

40 1 CVE
PR-Gateway Connect

PR-Gateway Connect

pr-gateway-connect

A
85

Dear user,

20 No CVEs
Post Bridge Social Poster

Post Bridge Social Poster

post-bridge-social-poster

A
100

Unofficial Plugin to automatically post WordPress Content to Social Media using your Post Bridge (post-bridge.com) account.

0 No CVEs
Developer Profile

Revive Social – Social Media Auto Post and Scheduling Automation Plugin Developer Profile

rsocial

1 plugin · 20K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
1229 days
View full developer profile
Detection Fingerprints

How We Detect Revive Social – Social Media Auto Post and Scheduling Automation Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tweet-old-post/assets/css/edit-post.css/wp-content/plugins/tweet-old-post/assets/css/old-posts-style.css/wp-content/plugins/tweet-old-post/assets/css/revive-social-common.css/wp-content/plugins/tweet-old-post/assets/css/revive-social-main.css/wp-content/plugins/tweet-old-post/assets/js/edit-post.js/wp-content/plugins/tweet-old-post/assets/js/old-posts.js/wp-content/plugins/tweet-old-post/assets/js/revive-social-common.js/wp-content/plugins/tweet-old-post/assets/js/revive-social-main.js
Script Paths
/wp-content/plugins/tweet-old-post/assets/js/edit-post.js/wp-content/plugins/tweet-old-post/assets/js/old-posts.js/wp-content/plugins/tweet-old-post/assets/js/revive-social-common.js/wp-content/plugins/tweet-old-post/assets/js/revive-social-main.js
Version Parameters
tweet-old-post/assets/css/edit-post.css?ver=tweet-old-post/assets/css/old-posts-style.css?ver=tweet-old-post/assets/css/revive-social-common.css?ver=tweet-old-post/assets/css/revive-social-main.css?ver=tweet-old-post/assets/js/edit-post.js?ver=tweet-old-post/assets/js/old-posts.js?ver=tweet-old-post/assets/js/revive-social-common.js?ver=tweet-old-post/assets/js/revive-social-main.js?ver=

HTML / DOM Fingerprints

CSS Classes
rop-admin-noticerop-buffer-presentrop-php-version-noticerop-upgrade-notice
HTML Comments
<!-- Plugin Name: Revive Social -->
Data Attributes
data-rop-id
JS Globals
ROP_CRON_ALTERNATIVEROP_LITE_VERSIONROP_LITE_BASE_FILEROP_DEBUGROP_LITE_PATHROP_PRO_PATH+16 more
REST Endpoints
/wp-json/auth-option/v1/post-sharing-control/wp-json/auth-option/v1/post-on-x/wp-json/auth-option/v1/logs
FAQ

Frequently Asked Questions about Revive Social – Social Media Auto Post and Scheduling Automation Plugin