CVE-2023-5939
rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCEThe rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.
We have discovered 523 live websites that are affected by CVE-2023-5939.
Affected Software
| Product |  Buddypress Media |
| Category | Wordpress Plugins |
| Vulnerable Domains | 523 live websites (37% of Buddypress Media install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 53 versions ( 76% of all versions) |
Common Weakness Enumeration
CWE-94 Improper Control of Generation of Code ('Code Injection')Details
- Published - Dec 26, 2023
- Updated - Aug 2, 2024
Credits
- Alex Sanford (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-5939 United States | 208 websites |
 Germany | 48 websites |
 France | 37 websites |
 Italy | 30 websites |
 Russia | 25 websites |
 GB | 20 websites |
 Canada | 13 websites |
 Japan | 13 websites |
 Spain | 12 websites |
 Poland | 9 websites |
Website Distribution by TLD
Number of websites using CVE-2023-5939| .com | 227 websites |
| .org | 60 websites |
| .ru | 21 websites |
| .de | 20 websites |
| .fr | 18 websites |
| .it | 18 websites |
| .net | 13 websites |
| .eu | 8 websites |
| .es | 8 websites |
| .ca | 6 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-5939
Top websites that are affected by CVE-2023-5939. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.do | United States | ***,*** | |
| *********************.org | France | ***,*** | |
| **********.ru | Russia | *,***,*** | |
| ******.com | United States | *,***,*** | |
| *****.org | United States | *,***,*** | |
| **************.it | Italy | *,***,*** | |
| ****************.org | Germany | *,***,*** | |
| ******.com | United States | *,***,*** | |
| **********.com | United States | *,***,*** | |
| *******************.club | United States | *,***,*** |
FAQ
CVE-2023-5939 is Improper Control of Generation of Code ('Code Injection') in Buddypress Media
A total of 523 websites have been identified as vulnerable to CVE-2023-5939, based on global website indexing conducted by WebTechSurvey.
The Buddypress Media is affected by the CVE-2023-5939 vulnerability.
Buddypress Media versions up to 4.6.16 are vulnerable to CVE-2023-5939.
CVE-2023-5939 is resolved in version 4.6.16 of Buddypress Media.