CVE-2026-25325

MEDIUM 5.3

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through <= 4.7.8.

CWE	CWE-497
Vendor	rtcamp
Product	rtmedia for wordpress, buddypress and bbpress
Published	Feb 19, 2026
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for rtcamp rtmedia for wordpress, buddypress and bbpress

Be the first to know when new medium vulnerabilities affecting rtcamp rtmedia for wordpress, buddypress and bbpress are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

rtCamp / rtMedia for WordPress, BuddyPress and bbPress

0 ≤ 4.7.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

patchstack.com: https://patchstack.com/database/Wordpress/Plugin/buddypress-media/vulnerability/wordpress-rtmedia-for-wordpress-buddypress-and-bbpress-plugin-4-7-8-sensitive-data-exposure-vulnerability?_s_id=cve

Credits

Doan Dinh Van | Patchstack Bug Bounty Program