### [CVE-2023-5939](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5939)
![](https://img.shields.io/static/v1?label=Product&message=rtMedia%20for%20WordPress%2C%20BuddyPress%20and%20bbPress&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.6.16%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)

### Description

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.

### POC

#### Reference
- https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc

#### Github
No PoCs found on GitHub currently.