CVE-2025-9218
- EPSS 0.06%
- Published 13.12.2025 04:31:26
- Last modified 15.12.2025 18:22:13
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. Thi...
CVE-2024-3293
- EPSS 26.61%
- Published 23.04.2024 02:15:48
- Last modified 21.11.2024 09:29:20
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and...
CVE-2023-5931
- EPSS 0.31%
- Published 26.12.2023 19:15:08
- Last modified 21.11.2024 08:42:48
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server.
CVE-2023-5939
- EPSS 3.72%
- Published 26.12.2023 19:15:08
- Last modified 21.11.2024 08:42:49
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.