cleantalk
Vulnerabilities and Security Researches

rtMedia for WordPress, BuddyPress and bbPress, CVE-2023-5931

CVE, Research URL

CVE-2023-5931

Home page URL

Security reports for rtMedia for WordPress, BuddyPress and bbPress

Application

rtMedia for WordPress, BuddyPress and bbPress

Published on
Dec 27, 2023
Research Description
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server
Affected versions
max 4.6.16.
Status
vulnerable
Previous vulnerability researches
rtMedia for WordPress, BuddyPress and bbPress (486aa334-badc-4af2-abe0-77904d768b90) , Jun 07, 2024
rtMedia for WordPress, BuddyPress and bbPress (CVE-2023-5931) , Jun 07, 2024
rtMedia for WordPress, BuddyPress and bbPress (CVE-2023-5939) , Jun 07, 2024
rtMedia for WordPress, BuddyPress and bbPress (CVE-2024-3293) , Jun 07, 2024
rtMedia for WordPress, BuddyPress and bbPress (CVE-2026-25325) , Feb 27, 2026
New vulnerability
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2025-2799) , Apr 25, 2026
Kubio AI Page Builder (CVE-2025-8487) , Apr 25, 2026
PlayerJS (CVE-2025-58651) , Apr 25, 2026
PilotPress (CVE-2025-58238) , Apr 25, 2026
Real Estate Manager – Property Listing and Agent Management (CVE-2025-58253) , Apr 25, 2026