Primary

Context

rtMedia for WordPress, BuddyPress and bbPress Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability allowing information disclosure has been identified in the rtMedia for WordPress, BuddyPress and bbPress plugin, specifically in versions 4.7.0 to 4.7.3. The issue arises from missing authorization in the handle_rest_pre_dispatch() function when the Godam plugin is active. This vulnerability enables unauthenticated attackers to access media items linked to draft or private posts.

Impact

Exploitation of this vulnerability could lead to unauthorized access to media items associated with draft or private posts.

Remediation

Users can update to rtMedia version 4.7.4 or a newer patched version to address this vulnerability.

Added: Dec 13, 2025, 4:22 PM

Updated: Dec 13, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

8.2

remediation

7.7

relevance

1.5

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

8.2

remediation

7.7

relevance

1.5

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

rtMedia for WordPress, BuddyPress and bbPress Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

rtCamp rtMedia

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating