Lucene search
K

62 matches found

Patchstack
Patchstack
added 2024/04/23 12:0 a.m.21 views

WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.18 is vulnerable to SQL Injection

Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.18 Fixed in 4.6.19 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3293 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 7b7bd27ebebe Credits Krzysztof Zając...

8.8CVSS6.8AI score0.01405EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.8 views

PT-2024-24985 · WordPress · Rtmedia For Wordpress

Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress versions up to, and including, 4.6.18 Description: The issue allows authenticated attackers with contributor-level access and above to perform blind SQL Injection via the...

8.8CVSS7.5AI score0.01405EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/04/23 12:0 a.m.7 views

WordPress plugin rtMedia for WordPress, BuddyPress and bbPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS7.4AI score0.01405EPSS
Exploits1References3
NVD
NVD
added 2023/12/26 7:15 p.m.25 views

CVE-2023-5939

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users...

7.2CVSS0.01331EPSS
Exploits2References1
NVD
NVD
added 2023/12/26 7:15 p.m.20 views

CVE-2023-5931

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...

8.8CVSS0.00816EPSS
Exploits2References1
OSV
OSV
added 2023/12/26 7:15 p.m.2 views

CVE-2023-5939

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users...

7.2CVSS6.3AI score0.01331EPSS
Exploits2References1
OSV
OSV
added 2023/12/26 7:15 p.m.4 views

CVE-2023-5931

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...

8.8CVSS5.9AI score0.00816EPSS
Exploits2References1
Prion
Prion
added 2023/12/26 7:15 p.m.16 views

Code injection

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...

6.5CVSS7.3AI score0.00816EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/12/26 6:33 p.m.56 views

CVE-2023-5939

The vulnerability CVE-2023-5939 affects the rtMedia for WordPress, BuddyPress and bbPress plugin prior to version 4.6.16. The issue arises because the plugin loads the contents of an import file in an unsafe manner, enabling remote code execution by privileged users. Impact is remote code executi...

7.2CVSS7.2AI score0.01331EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/12/26 6:33 p.m.64 views

CVE-2023-5931

The CVE-2023-5931 affects the rtMedia plugin for WordPress, BuddyPress and bbPress (pre-4.6.16). The issue stems from missing validation of uploaded files, enabling a low-privilege user (e.g., subscriber) to upload arbitrary files such as PHP, potentially leading to remote code execution (RCE). P...

8.8CVSS8.9AI score0.00816EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/12/26 6:33 p.m.29 views

CVE-2023-5931 rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server...

9AI score0.00816EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.8 views

PT-2023-32429 · WordPress · Rtmedia

Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress WordPress plugin versions prior to 4.6.16 Description: The issue concerns the rtMedia plugin's failure to validate uploaded files, potentially allowing attackers with low-privilege accounts to...

8.8CVSS8.7AI score0.00816EPSS
Exploits2References10
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.5 views

WordPress plugin rtMedia security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

7.2CVSS8AI score0.01331EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.6 views

WordPress plugin rtMedia security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

8.8CVSS6.7AI score0.00816EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.9 views

PT-2023-32430 · WordPress · Rtmedia

Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress versions prior to 4.6.16 Description: The issue is related to the unsafe loading of import file contents, leading to remote code execution by privileged users. Recommendations: For versions prior ...

7.2CVSS7.3AI score0.01331EPSS
Exploits2References10
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.17 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE

Description The plugin does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server PoC If plugin JSON API is enabled, any logged-in user may execute arbitrary code by uploading a PHP file...

8.8CVSS7.4AI score0.00816EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/11/29 12:0 a.m.212 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE

Description The plugin loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. 1. As an admin, visit rtMedia Settings Export/Import. 2. Click the "Browse File" button beside "Import rtMedia Settings". 3. Upload a file with the extension .js...

7.2CVSS7.6AI score0.01331EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.14 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Settings Update

Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtmediaadminupload function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers,...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.7 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Sensitive Information Exposure

Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportsettings function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with...

6.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/09/06 12:0 a.m.9 views

WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.14 is vulnerable to Broken Access Control

Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.14 Fixed in 4.6.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41951 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ed1b3e5c3460 Credi...

6.9AI score0.00449EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder