CVE-2023-5931

Summary

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server

Affected Software

VendorProductVersion RangeStatus
UnknownrtMedia for WordPress, BuddyPress and bbPress0 < 4.6.16affected

Weaknesses

  • CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

References