WordPress Plugin Vulnerabilities

6Storage Rentals <= 2.20.1 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
6storage-rentals
No known fix

References

CVE
CVE-2025-32178
URL
https://patchstack.com/database/wordpress/plugin/6storage-rentals/vulnerability/wordpress-6storage-rentals-plugin-2-18-0-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
0620cbf8-21a6-440a-b0ad-8d1a83d95a37

Timeline

Publicly Published
2025-04-04 (about 11 months ago)
Added
2025-04-08 (about 11 months ago)
Last Updated
2026-02-26 (about 20 days ago)

Other

Published
Title
Published
2024-09-25
Title
PWA for WP & AMP < 1.7.73 - Missing Authorization
Published
2025-04-01
Title
Insert Headers and Footers Code – HT Script < 1.1.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
Published
2023-10-26
Title
Deeper Comments <= 2.1.1 - Subscriber+ Arbitrary Options Update
Published
2025-12-04
Title
WPForms Google Sheet Connector < 4.0.1 - Missing Authorization
Published
2023-12-12
Title
CAOS < 4.7.15 - Unauthenticated Settings Update