WordPress Plugin Vulnerabilities

rtMedia for WordPress, BuddyPress and bbPress < 4.6.19 - Subscriber+ SQL Injection

Description

The plugin is vulnerable to time-based SQL Injection via the order_by parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affects Plugins

Plugin icon
buddypress-media
Fixed in 4.6.19

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a2420ca-e079-429b-b1f1-47bf1d0a9f71

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.7 (high)

Miscellaneous

Verified
No
WPVDB ID
eb157433-c0b4-4f5c-9337-c4ebdcf26d64

Timeline

Publicly Published
2024-04-29 (about 2 years ago)
Added
2024-07-02 (about 1 year ago)
Last Updated
2024-08-12 (about 1 year ago)

Other

Published
Title
Published
2025-06-11
Title
Woocommerce Partial Shipment < 3.3 - Authenticated (Subscriber+) SQL Injection
Published
2019-07-26
Title
Advanced Contact form 7 DB < 1.7.1 - SQL Injection
Published
2025-10-02
Title
Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection
Published
2026-01-16
Title
Antideo Email Validator < 1.0.11 - Unauthenticated SQL Injection
Published
2026-02-24
Title
Geo Mashup < 1.13.18 - Unauthenticated SQL Injection via 'sort' Parameter