62 matches found
WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.18 is vulnerable to SQL Injection
Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.18 Fixed in 4.6.19 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3293 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 7b7bd27ebebe Credits Krzysztof Zając...
PT-2024-24985 · WordPress · Rtmedia For Wordpress
Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress versions up to, and including, 4.6.18 Description: The issue allows authenticated attackers with contributor-level access and above to perform blind SQL Injection via the...
WordPress plugin rtMedia for WordPress, BuddyPress and bbPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-5939
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users...
CVE-2023-5931
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...
CVE-2023-5939
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users...
CVE-2023-5931
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...
Code injection
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...
CVE-2023-5939
The vulnerability CVE-2023-5939 affects the rtMedia for WordPress, BuddyPress and bbPress plugin prior to version 4.6.16. The issue arises because the plugin loads the contents of an import file in an unsafe manner, enabling remote code execution by privileged users. Impact is remote code executi...
CVE-2023-5931
The CVE-2023-5931 affects the rtMedia plugin for WordPress, BuddyPress and bbPress (pre-4.6.16). The issue stems from missing validation of uploaded files, enabling a low-privilege user (e.g., subscriber) to upload arbitrary files such as PHP, potentially leading to remote code execution (RCE). P...
CVE-2023-5931 rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...
PT-2023-32429 · WordPress · Rtmedia
Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress WordPress plugin versions prior to 4.6.16 Description: The issue concerns the rtMedia plugin's failure to validate uploaded files, potentially allowing attackers with low-privilege accounts to...
WordPress plugin rtMedia security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin rtMedia security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-32430 · WordPress · Rtmedia
Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress versions prior to 4.6.16 Description: The issue is related to the unsafe loading of import file contents, leading to remote code execution by privileged users. Recommendations: For versions prior ...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE
Description The plugin does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server PoC If plugin JSON API is enabled, any logged-in user may execute arbitrary code by uploading a PHP file...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE
Description The plugin loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. 1. As an admin, visit rtMedia Settings Export/Import. 2. Click the "Browse File" button beside "Import rtMedia Settings". 3. Upload a file with the extension .js...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Settings Update
Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtmediaadminupload function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers,...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Sensitive Information Exposure
Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportsettings function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with...
WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.14 is vulnerable to Broken Access Control
Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.14 Fixed in 4.6.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41951 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ed1b3e5c3460 Credi...