CVE-2023-5939

High

Description

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.

References

https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc

Details

Source: Mitre, NVD

Published: 2023-12-26

Updated: 2024-01-04

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.06255