https://blog.qife122.com/tags/cve-2025-9218/ Recent content in CVE-2025-9218 on 办公AI智能小助手 Hugo zh-cn qife Sun, 11 Jan 2026 01:47:33 +0800 https://blog.qife122.com/p/wordpress-rtmedia%E6%8F%92%E4%BB%B6%E6%9D%83%E9%99%90%E7%BC%BA%E5%A4%B1%E6%BC%8F%E6%B4%9Ecve-2025-9218%E6%B7%B1%E5%BA%A6%E5%88%86%E6%9E%90/ Sun, 11 Jan 2026 01:47:33 +0800 https://blog.qife122.com/p/wordpress-rtmedia%E6%8F%92%E4%BB%B6%E6%9D%83%E9%99%90%E7%BC%BA%E5%A4%B1%E6%BC%8F%E6%B4%9Ecve-2025-9218%E6%B7%B1%E5%BA%A6%E5%88%86%E6%9E%90/ <h1 id="cve-2025-9218-rtcamp-rtmedia-for-wordpressbuddypress和bbpress中的cwe-862权限缺失漏洞">CVE-2025-9218: rtcamp rtMedia for WordPress、BuddyPress和bbPress中的CWE-862权限缺失漏洞</h1> <p><strong>严重性</strong>：低 <strong>类型</strong>：漏洞</p> <h2 id="cve-2025-9218">CVE-2025-9218</h2> <p>当Godam插件处于活动状态时，WordPress的rtMedia for WordPress、BuddyPress和bbPress插件在4.7.0至4.7.3版本中，由于<code>handle_rest_pre_dispatch()</code>函数存在权限缺失，容易受到信息泄露攻击。这使得未经身份验证的攻击者能够检索与草稿或私有文章关联的媒体项目。</p>