cleantalk
Vulnerabilities and Security Researches

rtMedia for WordPress, BuddyPress and bbPress, CVE-2025-9218

CVE, Research URL

CVE-2025-9218

Home page URL

Security reports for rtMedia for WordPress, BuddyPress and bbPress

Application

rtMedia for WordPress, BuddyPress and bbPress

Published on
Dec 13, 2025
Research Description
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to retrieve media items associated with draft or private posts.
Affected versions
max 4.7.4.
Status
vulnerable
Previous vulnerability researches
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2024-22150) , Jun 07, 2024
Portfolio & Image Gallery for WordPress | PowerFolio (2dcc339fa5572c0b8975f48ffa24bcca0ae340a1) , Jun 07, 2024
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2022-4765) , Jun 07, 2024
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2025-57932) , Apr 24, 2026
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2022-4974) , Nov 15, 2024
New vulnerability
Team Manager – WordPress Showcase Team Members (CVE-2025-58222) , Apr 25, 2026
Product Time Countdown for WooCommerce (CVE-2025-57908) , Apr 25, 2026
YITH WooCommerce Wishlist (CVE-2026-4432) , Apr 25, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2025-59570) , Apr 25, 2026
xili-language (CVE-2025-58654) , Apr 25, 2026