CVE-2026-40773
- EPSS 0.28%
- Veröffentlicht 15.06.2026 20:18:18
- Zuletzt bearbeitet 15.06.2026 21:24:32
Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.
CVE-2025-9218
- EPSS 0.23%
- Veröffentlicht 13.12.2025 04:31:26
- Zuletzt bearbeitet 15.04.2026 00:35:42
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. Thi...
CVE-2024-3293
- EPSS 1.41%
- Veröffentlicht 23.04.2024 02:15:48
- Zuletzt bearbeitet 15.04.2026 00:35:42
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and...
CVE-2023-5931
- EPSS 0.82%
- Veröffentlicht 26.12.2023 19:15:08
- Zuletzt bearbeitet 21.11.2024 08:42:48
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server
CVE-2023-5939
- EPSS 1.33%
- Veröffentlicht 26.12.2023 19:15:08
- Zuletzt bearbeitet 21.11.2024 08:42:49
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.