cve/2023/CVE-2023-5939.md

### [CVE-2023-5939](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5939)
![](https://img.shields.io/static/v1?label=Product&message=rtMedia%20for%20WordPress%2C%20BuddyPress%20and%20bbPress&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.6.16%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)

### Description

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.

### POC

#### Reference
- https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-5939](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5939)`
			`![](https://img.shields.io/static/v1?label=Product&message=rtMedia%20for%20WordPress%2C%20BuddyPress%20and%20bbPress&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.6.16%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)`

			`### Description`

			`The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc`

			`#### Github`
			`No PoCs found on GitHub currently.`