WordPress Plugin Vulnerabilities

rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Sensitive Information Exposure

Description

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_settings function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to expose sensitive information.

Affects Plugins

Plugin icon
buddypress-media
Fixed in 4.6.15

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/be837a77-9b25-43af-aaba-94a8aa59e7e3

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (Medium)

Miscellaneous

Verified
No
WPVDB ID
fd7762b5-fdb6-4308-8eb0-3eeda46c6033

Timeline

Publicly Published
2023-09-04 (about 2 years ago)
Added
2023-11-24 (about 2 years ago)
Last Updated
2023-12-03 (about 2 years ago)

Other

Published
Title
Published
2025-01-31
Title
CF7 Google Sheets Connector < 5.0.18 - Missing Authorization
Published
2025-06-05
Title
Wordapp <= 1.7.0 - Missing Authorization
Published
2023-12-27
Title
WooCommerce Warranty Requests < 2.3.0 - Missing Authorization
Published
2024-05-16
Title
Elementor Header & Footer Builder < 1.6.27 - Authenticated (Author+) HTML Injection
Published
2024-08-16
Title
Flash & HTML5 Video < 2.5.31 - Missing Authorization