GHSA-6r7v-ww2r-2qprMediumCVSS 5.3

The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization...

Published
June 24, 2026
Last Modified
June 24, 2026

🔗 CVE IDs covered (1)

📋 Description

The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read, create, update, and delete event records stored in the rentmy_events WordPress option, as well as overwrite the rentmy_locationId option.

🔗 References (7)