What the vulnerability does
01Description
Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.
Explanation of Vulnerability in Simple Terms
rtMedia for WordPress, BuddyPress and bbPress versions up to 4.7.9 fail to properly check user permissions before allowing certain actions. A logged-in user with low privileges can modify content or settings they should not have access to. The vulnerability does not affect data confidentiality or site availability, but can result in unauthorized changes to site content or configuration.
What an attacker can do
Modify or change content or settings without proper authorization.
Potential impact on your site
Unauthorized users can alter site content, media, or plugin settings they should not be able to access.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities