Skip to main content

Rtmedia For Wordpress Buddypress And Bbpress

1 CVEs product

Monthly

CVE-2026-40773 MEDIUM This Month

Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress (versions <= 4.7.9) permits low-privileged authenticated users at the subscriber level to invoke privileged plugin functionality without authorization, yielding high integrity impact. The CVSS vector (PR:L, I:H, AV:N, AC:L, UI:N) confirms that any logged-in subscriber can exploit this remotely without complexity or user interaction, making sites with open user registration particularly exposed. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.

Authentication Bypass WordPress Rtmedia For Wordpress Buddypress And Bbpress
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress (versions <= 4.7.9) permits low-privileged authenticated users at the subscriber level to invoke privileged plugin functionality without authorization, yielding high integrity impact. The CVSS vector (PR:L, I:H, AV:N, AC:L, UI:N) confirms that any logged-in subscriber can exploit this remotely without complexity or user interaction, making sites with open user registration particularly exposed. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.

Authentication Bypass WordPress Rtmedia For Wordpress Buddypress And Bbpress
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy