CVE-2023-5939

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Dec 26, 2023

Updated: Jan 4, 2024

Summary

CVE-2023-5939 is a remote code execution vulnerability affecting the rtMedia plugin used with WordPress, BuddyPress, and bbPress. The issue lies in the plugin's handling of import files, which is done in an unsafe manner. Privileged users can exploit this vulnerability by uploading a malicious file that is then executed on the target system, allowing the attacker to gain control of the affected WordPress installation. This vulnerability poses a serious threat and should be addressed by updating the plugin to version 4.6.16 or higher as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tP47m_
https://www.cve.org/CVERecord?id=CVE-2023-5939
https://nvd.nist.gov/vuln/detail/CVE-2023-5939

Back to Vulnerability Database

CVE-2023-5939

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations