CVE-2023-5931

8.8 HIGH

📋 TL;DR

The rtMedia WordPress plugin before version 4.6.16 has an unrestricted file upload vulnerability that allows authenticated users with low privileges (like subscribers) to upload arbitrary files, including PHP scripts, to the server. This affects WordPress sites using rtMedia with BuddyPress or bbPress integration.

💻 Affected Systems

Products:
  • rtMedia for WordPress, BuddyPress and bbPress
Versions: All versions before 4.6.16
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the rtMedia plugin to be installed and active on WordPress with BuddyPress or bbPress.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain remote code execution (RCE) by uploading a PHP web shell, leading to complete server compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Attackers upload PHP backdoors to establish persistent access, deface websites, or deploy malware for further attacks.

🟢 If Mitigated

With proper file validation and server hardening, impact is limited to potential denial of service or storage exhaustion from uploaded files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires at least subscriber-level access. Public proof-of-concept scripts are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.6.16

Vendor Advisory: https://wpscan.com/vulnerability/3d6889e3-a01b-4e7f-868f-af7cc8c7531a

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the rtMedia plugin and click 'Update Now'.
4. Verify the version is 4.6.16 or later.

🔧 Temporary Workarounds

Disable File Uploads

Platform: all

Temporarily disable file upload functionality in rtMedia settings until patched.

Restrict Upload Directory Permissions

Platform: linux

Set upload directory permissions to prevent PHP execution.

# Directories need the execute bit to be traversable; 'chmod -R 644' on the whole tree
# would make the upload directories unreadable to the web server. Set 755 on directories
# and 644 on files. Note that mode bits alone do not stop a PHP handler (mod_php, php-fpm)
# from interpreting a .php file: the web server must also be configured not to execute
# PHP under the uploads tree.
find /path/to/wp-content/uploads/rtMedia/ -type d -exec chmod 755 {} +
find /path/to/wp-content/uploads/rtMedia/ -type f -exec chmod 644 {} +
# PHP files should never exist under an upload tree; copy any you find elsewhere for
# forensics before deleting them.
find /path/to/wp-content/uploads/rtMedia/ -type f -name '*.php' -delete

🧯 If You Can't Patch

  • Remove or deactivate the rtMedia plugin immediately.
  • Implement web application firewall (WAF) rules to block file uploads with PHP extensions.

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel under Plugins > Installed Plugins for the rtMedia version. If the version is below 4.6.16, the site is vulnerable.

Check Version:

# The plugin's directory (and therefore its WP-CLI name) is buddypress-media, matching the plugin path given in the detection section below.
wp plugin list --name=buddypress-media --field=version

Verify Fix Applied:

Confirm rtMedia plugin version is 4.6.16 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to rtMedia directories, especially PHP files.
  • HTTP POST requests to /wp-content/plugins/buddypress-media/rtMedia/upload/ with suspicious file extensions.

Network Indicators:

  • POST requests uploading files with .php, .phtml, or other executable extensions to rtMedia endpoints.

SIEM Query:

source="web_logs" AND uri_path="/wp-content/plugins/buddypress-media/rtMedia/upload/" AND (file_extension="php" OR file_extension="phtml")
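Web-server access logs usually do not record the uploaded filename of a multipart POST, so the "PHP files in rtMedia directories" indicator above is easiest to check on disk. The following scanner is an added example (not part of this advisory or of rtMedia) that walks an upload tree and flags files that a PHP handler could execute by name (including double extensions and mixed case) or that carry a PHP open tag inside an innocent-looking image; the upload root, the PHP extension set and the sample files are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Extensions a typical Apache/nginx PHP handler executes (assumption; match your server config).
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}
# PHP open tags that reveal code hidden in a file with a non-PHP name (e.g. a polyglot "image").
PHP_TAG_RE = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def php_extensions(name: str) -> list[str]:
    """Every PHP-family extension in the name, so 'shell.php.jpg' and 'SHELL.PhP' are both caught."""
    return [p for p in name.lower().split(".")[1:] if p in PHP_EXTS]

def scan_uploads(root: str, head_bytes: int = 4096) -> list[dict]:
    """Walk an rtMedia upload tree and report files executable by name or by content."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        exts = php_extensions(path.name)
        if exts:
            reasons.append("php-extension:" + ",".join(exts))
        with open(path, "rb") as fh:  # only the head is read, so large media files stay cheap
            if PHP_TAG_RE.search(fh.read(head_bytes)):
                reasons.append("php-open-tag-in-content")
        if reasons:
            findings.append({"path": str(path.relative_to(root)), "reasons": reasons})
    return findings

def build_sample_tree() -> str:
    """Constructed sample tree standing in for wp-content/uploads/rtMedia/ (not real data)."""
    root = tempfile.mkdtemp(prefix="rtmedia-scan-")
    samples = {
        "2023/10/photo.jpg": b"\xff\xd8\xff\xe0JFIF ordinary image bytes",
        "2023/10/shell.php": b"<?php echo 'placeholder'; ?>",
        "2023/10/cover.php.jpg": b"GIF89a",                          # double extension
        "2023/10/avatar.png": b"\x89PNG\r\n<?php /* polyglot */ ?>",  # PHP hidden in an "image"
    }
    for rel, data in samples.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root

if __name__ == "__main__":
    for f in scan_uploads(build_sample_tree()):
        print(f["path"], f["reasons"])
```

Point `scan_uploads` at the real upload root (the /path/to/wp-content/uploads/rtMedia/ used in the workaround above) and feed any hit into the same triage as the SIEM query; a file flagged by content alone is the case the extension-based query misses.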
