CVE-2023-41951

MEDIUM

WordPress rtMedia <= 4.6.14 - Broken Access Control

Title source: manual
STIX 2.1

Description

Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.

Scores

CVSS v3 4.3
EPSS 0.0044
EPSS Percentile 35.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
rtCamp/rtMedia for WordPress, BuddyPress and bbPress < 4.6.14
Published Dec 13, 2024
Tracked Since Feb 18, 2026