Car Rental Manager
Monthly
Missing authorization controls in the Car Rental Manager WordPress plugin (≤1.3.7) allow unauthenticated remote attackers to exploit incorrectly configured access control levels, resulting in limited integrity impact. The CVSS vector (PR:N/UI:N) confirms exploitation requires no credentials or user interaction against any publicly reachable WordPress site running the affected plugin. No public exploit code or CISA KEV listing has been identified at time of analysis, keeping real-world risk at a moderate level despite the trivial exploitation conditions.
Missing authorization controls in the Car Rental Manager WordPress plugin (≤1.3.7) allow unauthenticated remote attackers to exploit incorrectly configured access control levels, resulting in limited integrity impact. The CVSS vector (PR:N/UI:N) confirms exploitation requires no credentials or user interaction against any publicly reachable WordPress site running the affected plugin. No public exploit code or CISA KEV listing has been identified at time of analysis, keeping real-world risk at a moderate level despite the trivial exploitation conditions.