Lucene search
K

57 matches found

NVD
NVD
added 2023/12/26 7:15 p.m.20 views

CVE-2023-5931

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...

8.8CVSS0.00816EPSS
Exploits2References1
OSV
OSV
added 2023/12/26 7:15 p.m.2 views

CVE-2023-5939

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users...

7.2CVSS6.3AI score0.01331EPSS
Exploits2References1
Prion
Prion
added 2023/12/26 7:15 p.m.16 views

Code injection

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...

6.5CVSS7.3AI score0.00816EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/12/26 6:33 p.m.55 views

CVE-2023-5939

The vulnerability CVE-2023-5939 affects the rtMedia for WordPress, BuddyPress and bbPress plugin prior to version 4.6.16. The issue arises because the plugin loads the contents of an import file in an unsafe manner, enabling remote code execution by privileged users. Impact is remote code executi...

7.2CVSS7.2AI score0.01331EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/12/26 6:33 p.m.29 views

CVE-2023-5931 rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...

9AI score0.00816EPSS
Exploits2References1
CVE
CVE
added 2023/12/26 6:33 p.m.62 views

CVE-2023-5931

The CVE-2023-5931 affects the rtMedia plugin for WordPress, BuddyPress and bbPress (pre-4.6.16). The issue stems from missing validation of uploaded files, enabling a low-privilege user (e.g., subscriber) to upload arbitrary files such as PHP, potentially leading to remote code execution (RCE). P...

8.8CVSS8.9AI score0.00816EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.8 views

PT-2023-32429 · WordPress · Rtmedia

Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress WordPress plugin versions prior to 4.6.16 Description: The issue concerns the rtMedia plugin's failure to validate uploaded files, potentially allowing attackers with low-privilege accounts to...

8.8CVSS8.7AI score0.00816EPSS
Exploits2References10
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.5 views

WordPress plugin rtMedia security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

7.2CVSS8AI score0.01331EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.9 views

PT-2023-32430 · WordPress · Rtmedia

Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress versions prior to 4.6.16 Description: The issue is related to the unsafe loading of import file contents, leading to remote code execution by privileged users. Recommendations: For versions prior ...

7.2CVSS7.3AI score0.01331EPSS
Exploits2References10
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.6 views

WordPress plugin rtMedia security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

8.8CVSS6.7AI score0.00816EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/11/29 12:0 a.m.210 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE

Description The plugin loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. 1. As an admin, visit rtMedia Settings Export/Import. 2. Click the "Browse File" button beside "Import rtMedia Settings". 3. Upload a file with the extension .js...

7.2CVSS7.6AI score0.01331EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.17 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE

Description The plugin does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server PoC If plugin JSON API is enabled, any logged-in user may execute arbitrary code by uploading a PHP file...

8.8CVSS7.4AI score0.00816EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.14 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Settings Update

Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtmediaadminupload function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers,...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.7 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Sensitive Information Exposure

Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportsettings function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with...

6.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/09/06 12:0 a.m.9 views

WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.14 is vulnerable to Broken Access Control

Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.14 Fixed in 4.6.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41951 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ed1b3e5c3460 Credi...

6.9AI score0.00441EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/01/28 12:0 a.m.12 views

trMedia for WordPress <= 3.10.1 - XSS

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin was affected by a XSS security vulnerability...

2.1AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2015/04/28 12:0 a.m.21 views

rtMedia for WordPress, BuddyPress & bbPress 3.7.39 - SQL Injection

When initialized, the rtMedia will include and instantiate certain classes if BuddyPress is installed. One of these classes is RTMediaActivityUpgrade, contained within the file ‘app/importers/RTMediaActivityUpgrade.php’. This class is instantiated in the file ‘admin/RTMediaAdmin.php,’ line 110, i...

1.3AI score
Exploits0References1
Rows per page
Query Builder