CVE-2023-5931

Name of the Vulnerable Software and Affected Versions rtMedia for WordPress, BuddyPress and bbPress WordPress plugin versions prior to 4.6.16

Description The issue concerns the rtMedia plugin's failure to validate uploaded files, potentially allowing attackers with low-privilege accounts to upload arbitrary files, including PHP files, to the server. This could be exploited by attackers with subscriber-level access.

Recommendations For versions prior to 4.6.16, update to version 4.6.16 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to trusted users or disabling the file upload feature until the update is applied.