cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-41951,https://securityvulnerability.io/vulnerability/CVE-2023-41951,"WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.14 - Broken Access Control vulnerability","A missing authorization vulnerability exists in rtMedia for WordPress, BuddyPress, and bbPress, allowing attackers to exploit improperly configured access control security levels. This could lead to unauthorized access to sensitive data and functionalities within the affected applications. It is crucial for users of rtMedia versions n/a through 4.6.14 to review their security configurations to prevent potential exploitation.",Wordpress,"Rtmedia For WordPress, Buddypress And Bbpress",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-12-13T14:24:24.851Z,0
CVE-2024-3293,https://securityvulnerability.io/vulnerability/CVE-2024-3293,Blind SQL Injection Vulnerability in rtMedia Plugin Affects Sensitive Data,"The rtMedia for WordPress plugin, which supports BuddyPress and bbPress, has a vulnerability that allows for blind SQL Injection. This occurs through the rtmedia_gallery shortcode owing to inadequate escaping of user-supplied parameters and insufficient query preparation. As a result, authenticated attackers with contributor-level access or higher can inject additional SQL queries into existing ones, which may lead to unauthorized access to sensitive database information. This security flaw emphasizes the importance of proper input validation and secure coding practices in WordPress plugin development.",Wordpress,"Rtmedia For WordPress, Buddypress And Bbpress",8.8,HIGH,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-23T02:15:00.000Z,0
CVE-2023-5931,https://securityvulnerability.io/vulnerability/CVE-2023-5931,"rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE","The rtMedia plugin for WordPress, BuddyPress, and bbPress prior to version 4.6.16 is susceptible to a file upload vulnerability. This flaw results from improper validation of uploaded files, allowing users with low-privilege accounts, such as subscribers, to potentially upload arbitrary files, including PHP scripts. Such uploads could lead to unauthorized command execution on the server, posing significant security risks to affected WordPress sites.",Wordpress,"rtMedia for WordPress, BuddyPress and bbPress",8.8,HIGH,0.0008399999933317304,false,,false,false,false,,false,false,2023-12-26T19:15:00.000Z,0
CVE-2023-5939,https://securityvulnerability.io/vulnerability/CVE-2023-5939,"rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE","The rtMedia plugin for WordPress, which supports BuddyPress and bbPress, contains a vulnerability that allows privileged users to execute arbitrary code remotely. This occurs due to the improper handling of imported file contents in versions before 4.6.16. If exploited, this weakness can lead to severe security risks, including unauthorized actions taken by attackers with elevated privileges. Website administrators are strongly encouraged to update to the latest version to mitigate this issue.",Wordpress,"rtMedia for WordPress, BuddyPress and bbPress",7.2,HIGH,0.0021800000686198473,false,,false,false,false,,false,false,2023-12-26T19:15:00.000Z,0