CVE-2023-5939

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.


We have discovered 523 live websites that are affected by CVE-2023-5939.





Affected Software

Product                    Buddypress Media
Category                   Wordpress Plugins
Vulnerable Domains         523 live websites (37% of Buddypress Media install base)
Vulnerable Versions
  • from 0 through 4.6.16
Vulnerable Versions Count  53 versions (76% of all versions)


Common Weakness Enumeration

CWE-94 Improper Control of Generation of Code ('Code Injection')



Details

  • Published - Dec 26, 2023
  • Updated - Aug 2, 2024

Credits

  • Alex Sanford (finder)
  • WPScan (coordinator)

Website Distribution by Country

Number of websites affected by CVE-2023-5939

  • United States - 208 websites
  • Germany - 48 websites
  • France - 37 websites
  • Italy - 30 websites
  • Russia - 25 websites
  • GB - 20 websites
  • Canada - 13 websites
  • Japan - 13 websites
  • Spain - 12 websites
  • Poland - 9 websites

Website Distribution by TLD

Number of websites affected by CVE-2023-5939

  • .com - 227 websites
  • .org - 60 websites
  • .ru - 21 websites
  • .de - 20 websites
  • .fr - 18 websites
  • .it - 18 websites
  • .net - 13 websites
  • .eu - 8 websites
  • .es - 8 websites
  • .ca - 6 websites



FAQ

  • CVE-2023-5939 is an Improper Control of Generation of Code ('Code Injection') vulnerability in Buddypress Media.
  • A total of 523 websites have been identified as vulnerable to CVE-2023-5939, based on global website indexing conducted by WebTechSurvey.
  • Buddypress Media is affected by the CVE-2023-5939 vulnerability.
  • Buddypress Media versions up to 4.6.16 are vulnerable to CVE-2023-5939.
  • CVE-2023-5939 is resolved in version 4.6.16 of Buddypress Media.