WordPress Plugin Vulnerabilities

6Storage Rentals <= 2.20.1 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
6storage-rentals
No known fix

References

CVE
CVE-2025-47619
URL
https://patchstack.com/database/wordpress/plugin/6storage-rentals/vulnerability/wordpress-6storage-rentals-2-19-3-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
astra.r3verii
Verified
No
WPVDB ID
6aded72e-0f7c-42ae-8c32-e391dc1e5823

Timeline

Publicly Published
2025-05-16 (about 11 months ago)
Added
2025-05-20 (about 11 months ago)
Last Updated
2026-02-26 (about 2 months ago)

Other

Published
Title
Published
2025-03-27
Title
Quiz Cat < 3.0.9 - Missing Authorization
Published
2025-06-12
Title
Hydra Booking < 1.1.10 - Missing Authorization
Published
2025-12-23
Title
Brave < 0.8.4 - Missing Authorization
Published
2026-04-09
Title
Majestic Support < 1.1.3 - Missing Authorization
Published
2026-01-11
Title
Solid Central – Site Management, Backups, Security, and Reporting < 3.2.9 - Missing Authorization