Sensitive data exposed in rtMedia plugin for WordPress and BuddyPress

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

Sensitive data exposed in rtMedia plugin for WordPress and BuddyPress

CVE-2026-25325

Summary

An issue in the rtMedia plugin for WordPress and BuddyPress allows unauthorized access to sensitive data. This affects versions up to 4.7.8. To stay secure, update the rtMedia plugin to the latest version or consider replacing it with a secure alternative.

Original title

Original description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through <= 4.7.8.

nvd CVSS3.1 5.3

Vulnerability type

CWE-497

https://patchstack.com/database/Wordpress/Plugin/buddypress-media/vulnerability/...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026