PatchSiren cyber security CVE debrief
CVE-2026-40773 rtCamp Inc. CVE debrief
A vulnerability was discovered in rtMedia for WordPress, BuddyPress and bbPress, versions up to and including 4.7.9. This issue is classified as a Subscriber Broken Access Control vulnerability. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 6.5, indicating a Medium severity level. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. The weakness associated with this vulnerability is CWE-862.
- Vendor
- rtCamp Inc.
- Product
- rtMedia for WordPress, BuddyPress and bbPress
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of rtMedia for WordPress, BuddyPress and bbPress, particularly those using versions up to and including 4.7.9, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability allows a subscriber to perform unauthorized actions due to a broken access control mechanism. The CVSS score of 6.5 indicates a Medium severity level, with the impact being primarily on integrity (I:H) and no impact on confidentiality (C:N) or availability (A:N).
Defensive priority
MEDIUM
Recommended defensive actions
- Update to a version of rtMedia for WordPress, BuddyPress and bbPress that is not vulnerable.
- Review and restrict subscriber permissions to prevent unauthorized actions.
Evidence notes
Evidence for this CVE was provided by Patchstack, as indicated in the sourceItem and resourceLinks.
Official resources
-
CVE-2026-40773 CVE record
CVE.org
-
CVE-2026-40773 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-40773 was published on 2026-06-15T21:16:49.990Z and modified on 2026-06-15T21:24:32.790Z.