diff --git a/README.md b/README.md
index e2d74dae0..2911a523a 100755
--- a/README.md
+++ b/README.md
@@ -152,6 +152,14 @@ https://www.youtube.com/watch?v=dJrykKQGDcs
 
 ## Changelog ##
 
+### 4.6.15 [September 4, 2023] ###
+
+* Fixed
+
+ * Fixed security issue.
+ * Fixed console error related to max file size.
+
+
 ### 4.6.14 [August 11, 2023] ###
 
 * Enhancement
diff --git a/app/admin/RTMediaAdmin.php b/app/admin/RTMediaAdmin.php
index b176d77a8..56023d319 100755
--- a/app/admin/RTMediaAdmin.php
+++ b/app/admin/RTMediaAdmin.php
@@ -1403,6 +1403,11 @@ public function linkback() {
 */
 public function export_settings() {
 
+ // permission check.
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( array( 'message' => esc_html__( 'You do not have permission to export settings.', 'buddypress-media' ) ) );
+ }
+
 $rtmedia_option = get_option( 'rtmedia-options' );
 
 if ( is_array( $rtmedia_option ) ) {
diff --git a/app/assets/js/rtMedia.backbone.js b/app/assets/js/rtMedia.backbone.js
index 668a82fe3..3487729b1 100755
--- a/app/assets/js/rtMedia.backbone.js
+++ b/app/assets/js/rtMedia.backbone.js
@@ -3029,7 +3029,7 @@ const rtMediaScrollComments = () => {
 /* Add max size limit message beside upload button */
 const rtMediaMaxSizeMessage = () => {
 const buttonContainer = document.getElementById( 'rtmedia-action-update' );
- if ( undefined !== buttonContainer ) {
+ if ( buttonContainer ) {
 const msg = document.createElement('span');
 msg.textContent = 'Max. File Size: ' + rtMedia_update_plupload_config.max_file_size;
 msg.style.fontSize = '12px';
diff --git a/app/helper/rtUploadAttachment.php b/app/helper/rtUploadAttachment.php
index 23c2782ef..fc2783cfb 100755
--- a/app/helper/rtUploadAttachment.php
+++ b/app/helper/rtUploadAttachment.php
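Review bot: The new capability guard in export_settings only stops execution because `wp_send_json_error()` terminates the request internally (in AJAX context through `wp_die()`, whose handler is filterable via `wp_die_ajax_handler`); an explicit `return;` after the `wp_send_json_error( ... )` call would keep the guard effective even when a custom die handler does not exit. The same pattern appears in the rtmedia_admin_upload hunk of app/helper/rtUploadAttachment.php. No nonce verification is visible in this hunk, so if export_settings is reachable as an AJAX or admin-post action the capability check alone does not cover CSRF — confirm a `check_ajax_referer()` / `wp_verify_nonce()` guard exists outside the hunk (the upload hunk in rtUploadAttachment.php has one). The body of export_settings continues outside the hunk.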
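Review bot: The corrected guard now handles `getElementById()` returning `null`, but the `msg.textContent` line two lines below still dereferences the global `rtMedia_update_plupload_config` unconditionally, so rtMediaMaxSizeMessage can still throw a console error on pages where that config object is not localized; widening the guard to `if ( buttonContainer && typeof rtMedia_update_plupload_config !== 'undefined' ) {` closes that gap. Whether the config is always present wherever `#rtmedia-action-update` is rendered is not visible from this hunk. The body of rtMediaMaxSizeMessage continues outside the hunk.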
@@ -27,6 +27,11 @@ function rtmedia_admin_upload() { $nonce = filter_input( INPUT_POST, 'rtmedia_admin_upload_nonce' ); if ( wp_verify_nonce( $nonce, 'rtmedia-admin-upload' ) ) { + // Check if user has capability to upload file. + if ( ! current_user_can( 'manage_options' ) ) { + wp_send_json_error( array( 'message' => esc_html__( 'You are not allowed to upload file.', 'buddypress-media' ) ) ); + } + if ( ! empty( $_FILES ) ) { $error = false; diff --git a/index.php b/index.php index 2a7e32e15..527e9ab5f 100755 --- a/index.php +++ b/index.php @@ -3,7 +3,7 @@ * Plugin Name: rtMedia for WordPress, BuddyPress and bbPress * Plugin URI: https://rtmedia.io/?utm_source=dashboard&utm_medium=plugin&utm_campaign=buddypress-media * Description: This plugin adds missing media rich features like photos, videos and audio uploading to BuddyPress which are essential if you are building social network, seriously! - * Version: 4.6.14 + * Version: 4.6.15 * Author: rtCamp * Text Domain: buddypress-media * Author URI: http://rtcamp.com/?utm_source=dashboard&utm_medium=plugin&utm_campaign=buddypress-media @@ -19,7 +19,7 @@ /** * The version of the plugin */ - define( 'RTMEDIA_VERSION', '4.6.14' ); + define( 'RTMEDIA_VERSION', '4.6.15' ); } if ( ! defined( 'RTMEDIA_PATH' ) ) { diff --git a/languages/buddypress-media.po b/languages/buddypress-media.po index b0435f6ba..a5dbee406 100644 --- a/languages/buddypress-media.po +++ b/languages/buddypress-media.po 
@@ -2,9 +2,9 @@
 # This file is distributed under the same license as the rtMedia for WordPress, BuddyPress and bbPress package.
 msgid ""
 msgstr ""
-"Project-Id-Version: rtMedia for WordPress, BuddyPress and bbPress 4.6.14\n"
+"Project-Id-Version: rtMedia for WordPress, BuddyPress and bbPress 4.6.15\n"
 "Report-Msgid-Bugs-To: https://rtmedia.io/support/\n"
-"POT-Creation-Date: 2023-08-10 05:27:52+00:00\n"
+"POT-Creation-Date: 2023-09-04 04:09:52+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -288,39 +288,43 @@ msgstr ""
 msgid "Subscribe"
 msgstr ""
 
-#: app/admin/RTMediaAdmin.php:1428
+#: app/admin/RTMediaAdmin.php:1408
+msgid "You do not have permission to export settings."
+msgstr ""
+
+#: app/admin/RTMediaAdmin.php:1433
 msgid "Unable to read file!"
 msgstr ""
 
-#: app/admin/RTMediaAdmin.php:1440 app/admin/RTMediaAdmin.php:1447
+#: app/admin/RTMediaAdmin.php:1445 app/admin/RTMediaAdmin.php:1452
 msgid "Invalid JSON Supplied!"
 msgstr ""
 
-#: app/admin/RTMediaAdmin.php:1453
+#: app/admin/RTMediaAdmin.php:1458
 msgid "Invalid JSON Supplied. The JSON you supplied is not exported from rtMedia!"
 msgstr ""
 
-#: app/admin/RTMediaAdmin.php:1463
+#: app/admin/RTMediaAdmin.php:1468
 msgid "Data passed for settings is unchanged!"
 msgstr ""
 
-#: app/admin/RTMediaAdmin.php:1467
+#: app/admin/RTMediaAdmin.php:1472
 msgid "rtMedia Settings imported successfully!"
 msgstr ""
 
-#: app/admin/RTMediaAdmin.php:1470
+#: app/admin/RTMediaAdmin.php:1475
 msgid "Could not update rtMedia Settings"
 msgstr ""
 
-#: app/admin/RTMediaAdmin.php:1505
+#: app/admin/RTMediaAdmin.php:1510
 msgid "Thank you for your time."
 msgstr ""
 
-#: app/admin/RTMediaAdmin.php:1532
+#: app/admin/RTMediaAdmin.php:1537
 msgid "Premium Add-ons"
 msgstr ""
 
-#: app/admin/RTMediaAdmin.php:1688
+#: app/admin/RTMediaAdmin.php:1693
 #. translators: 1$s: Account page and link. 2$s: License documentation page
 #. link.
 msgid ""
@@ -329,7 +333,7 @@ msgid ""
 "page."
 msgstr ""
 
-#: app/admin/RTMediaAdmin.php:1708
+#: app/admin/RTMediaAdmin.php:1713
 #. translators: 1. License page link.
 msgid ""
 "We found an invalid or expired license key for rtMedia Premium. Please go "
@@ -1899,15 +1903,19 @@ msgstr ""
 msgid "The method expects an array in arguments for %s provided."
 msgstr ""
 
-#: app/helper/rtUploadAttachment.php:80
+#: app/helper/rtUploadAttachment.php:32
+msgid "You are not allowed to upload file."
+msgstr ""
+
+#: app/helper/rtUploadAttachment.php:85
 msgid "You can not upload more than 2 MB."
 msgstr ""
 
-#: app/helper/rtUploadAttachment.php:86
+#: app/helper/rtUploadAttachment.php:91
 msgid "There was an error uploading your files"
 msgstr ""
 
-#: app/helper/rtUploadAttachment.php:90
+#: app/helper/rtUploadAttachment.php:95
 msgid "Form was submitted"
 msgstr ""
 
diff --git a/readme.txt b/readme.txt
index 9d5c062d6..3f72b086e 100755
--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Requires at least: WordPress 4.1
 Tested up to: 6.3
-Stable tag: 4.6.14
+Stable tag: 4.6.15
 
 Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.
 
@@ -133,6 +133,14 @@ http://www.youtube.com/watch?v=dJrykKQGDcs
 
 == Changelog ==
 
+= 4.6.15 [September 4, 2023] =
+
+* Fixed
+
+ * Fixed security issue.
+ * Fixed console error related to max file size.
+
+
 = 4.6.14 [August 11, 2023] =
 
 * Enhancement
@@ -1841,6 +1849,9 @@ http://www.youtube.com/watch?v=dJrykKQGDcs
 
 == Upgrade Notice ==
 
+= 4.6.15 =
+rtMedia 4.6.15 with minor security fixes.
+
 = 4.6.14 =
 rtMedia 4.6.14 with some new features & minor UI/UX fixes.
 