9 matches found
CVE-2025-9218
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handlerestpredispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to...
CVE-2025-9218
The CVE-2025-9218 entry concerns rtMedia for WordPress, BuddyPress and bbPress. Wordfence reports a missing-authorization issue in rtMedia’s handle_rest_pre_dispatch() that, when the Godam plugin is active, allows unauthenticated attackers to access media items from draft or private posts. Affect...
CVE-2024-49728
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-296915500
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-40108
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21105
In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...
PT-2022-14619 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-12L Description: The issue is related to an integer overflow in the extract3GPPGlobalDescriptions function of TextDescriptions.cpp, which can cause an out of bounds read. This could lead to local...
WordPress WPS Cleaner plugin <= 1.4.4 - Cross-Site Request Forgery (CSRF) + media disclosure vulnerabilities
Cross-Site Request Forgery CSRF + media disclosure vulnerabilities found by Julio Potier in WordPress WPS Cleaner plugin versions = 1.4.4. Solution Update the WordPress WPS Cleaner plugin...
WPS Cleaner <= 1.4.4 - Multiple Issues
CSRF, Media Dislcosure...