WordPress Plugin Vulnerabilities

6Storage Rentals <= 2.19.6 - Missing Authorization

Description

The 6Storage Rentals plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.19.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
6storage-rentals
No known fix

References

CVE
CVE-2023-26002
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4e1299dc-75a6-4c77-bb92-cb31eea3ab05

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
ghsinfosec
Verified
No
WPVDB ID
57df2537-a9ff-412b-ad4a-139591c8c35d

Timeline

Publicly Published
2025-06-05 (about 11 months ago)
Added
2025-06-10 (about 11 months ago)
Last Updated
2025-06-10 (about 11 months ago)

Other

Published
Title
Published
2025-04-01
Title
GB Gallery Slideshow <= 1.3 - Missing Authorization
Published
2024-08-16
Title
Flash & HTML5 Video < 2.5.31 - Missing Authorization
Published
2026-05-12
Title
Hostinger Reach < 1.3.9 - Subscriber+ Arbitrary API Key Update
Published
2026-04-07
Title
Hustle – Email Marketing, Lead Generation, Optins, Popups < 7.8.11 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation
Published
2025-10-30
Title
Accessibility Toolkit by WebYes < 2.0.5 - Missing Authorization