What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through <= 4.7.8.
Explanation of Vulnerability in Simple Terms
02Summary
rtMedia for WordPress, BuddyPress and bbPress versions 4.7.8 and earlier expose sensitive information to unauthenticated attackers over the network. The vulnerability allows an attacker to read data that should be restricted, such as private media or user details. No user interaction or special configuration is required to exploit this issue.
What an attacker can do
03Attacker Capabilities
Read sensitive information from the site without logging in.
Potential impact on your site
04Site Impact
Private media, user data, or other restricted content may be visible to anyone on the internet.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
February 19, 2026
CVE published
April 28, 2026
Record updated