[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUfoBMUbApQ6HrNQ91fA1K5v3Pl2Lk2DH8CS7mYxP4f8":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-be97e1ca-6c9c-4641-ba7c-bbb14a58d99e-buddypress-media","rtmedia-for-wordpress-buddypress-and-bbpress-arbitary-file-upload","rtMedia for WordPress, BuddyPress and bbPress \u003C= 4.2 - Arbitary File Upload","The rtMedia for WordPress, BuddyPress and bbPress for WordPress is vulnerable to Direct file access in versions up to, and including, 4.2. This is due to the 'rtUploadAttachment.php' file preventing direct access to the the file. This makes it possible for unauthenticated attackers to access the file directly which triggers execution and lets unauthenticated users upload files.","buddypress-media",null,"\u003C4.2.1","4.2.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2016-12-21 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbe97e1ca-6c9c-4641-ba7c-bbb14a58d99e?source=api-prod",2589]