Security Advisory

CVE-2025-9218

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-13 04:31:26

Last updated 2025-12-15 15:47:54

Assigner Wordfence

State PUBLISHED

Description

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to retrieve media items associated with draft or private posts.

← Browse all CVEs View on cve.org ↗