57 matches found
CVE-2023-5931
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...
CVE-2023-5939
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users...
Code injection
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...
CVE-2023-5939
The vulnerability CVE-2023-5939 affects the rtMedia for WordPress, BuddyPress and bbPress plugin prior to version 4.6.16. The issue arises because the plugin loads the contents of an import file in an unsafe manner, enabling remote code execution by privileged users. Impact is remote code executi...
CVE-2023-5931 rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...
CVE-2023-5931
The CVE-2023-5931 affects the rtMedia plugin for WordPress, BuddyPress and bbPress (pre-4.6.16). The issue stems from missing validation of uploaded files, enabling a low-privilege user (e.g., subscriber) to upload arbitrary files such as PHP, potentially leading to remote code execution (RCE). P...
PT-2023-32429 · WordPress · Rtmedia
Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress WordPress plugin versions prior to 4.6.16 Description: The issue concerns the rtMedia plugin's failure to validate uploaded files, potentially allowing attackers with low-privilege accounts to...
WordPress plugin rtMedia security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-32430 · WordPress · Rtmedia
Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress versions prior to 4.6.16 Description: The issue is related to the unsafe loading of import file contents, leading to remote code execution by privileged users. Recommendations: For versions prior ...
WordPress plugin rtMedia security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE
Description The plugin loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. 1. As an admin, visit rtMedia Settings Export/Import. 2. Click the "Browse File" button beside "Import rtMedia Settings". 3. Upload a file with the extension .js...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE
Description The plugin does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server PoC If plugin JSON API is enabled, any logged-in user may execute arbitrary code by uploading a PHP file...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Settings Update
Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtmediaadminupload function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers,...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Sensitive Information Exposure
Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportsettings function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with...
WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.14 is vulnerable to Broken Access Control
Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.14 Fixed in 4.6.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41951 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ed1b3e5c3460 Credi...
trMedia for WordPress <= 3.10.1 - XSS
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin was affected by a XSS security vulnerability...
rtMedia for WordPress, BuddyPress & bbPress 3.7.39 - SQL Injection
When initialized, the rtMedia will include and instantiate certain classes if BuddyPress is installed. One of these classes is RTMediaActivityUpgrade, contained within the file ‘app/importers/RTMediaActivityUpgrade.php’. This class is instantiated in the file ‘admin/RTMediaAdmin.php,’ line 110, i...