Skip to main content

Booking And Rental Manager

1 CVEs product

Monthly

CVE-2026-57404 MEDIUM This Month

Missing authorization in the Booking and Rental Manager WordPress plugin (≤ 2.6.9) exposes unauthenticated remote attackers to broken access control, enabling unauthorized modification of booking data and partial disruption of plugin availability. The CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication or user interaction against any internet-facing WordPress/WooCommerce site running the affected plugin. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity makes this straightforwardly exploitable once a target is identified.

Authentication Bypass WordPress Booking And Rental Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing authorization in the Booking and Rental Manager WordPress plugin (≤ 2.6.9) exposes unauthenticated remote attackers to broken access control, enabling unauthorized modification of booking data and partial disruption of plugin availability. The CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication or user interaction against any internet-facing WordPress/WooCommerce site running the affected plugin. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity makes this straightforwardly exploitable once a target is identified.

Authentication Bypass WordPress Booking And Rental Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy