CVE-2026-15287: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in rtcamp rtMedia for WordPress, BuddyPress and bbPress
rtMedia for WordPress, BuddyPress, and bbPress plugin versions up to 4.6.18 are vulnerable to a time-based SQL Injection via the order_by parameter. This vulnerability allows authenticated users with…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

WAF - WAF Release - 2026-06-15
This week's release introduces new managed protection to address a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) and a

WAF - WAF Release - 2025-10-06
This week’s highlights prioritise an emergency Oracle E-Business Suite RCE rule deployed to block active, high-impact exploitation. Also add

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

WAF - WAF Release - 2026-04-21
This week's release introduces a new detection for a Remote Code Execution (RCE) vulnerability in Apache ActiveMQ (CVE-2026-34197) and an up

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along

Comments
Sign in to join the conversation.
No comments yet. Be the first.