WordPress Plugin Vulnerabilities

VikRentCar Car Rental Management System < 1.3.3 - Information Exposure

Description

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.2 due to publicly accessible PDF files. This makes it possible for unauthenticated attackers to extract potentially sensitive information via PDFs.

Affects Plugins

Plugin icon
vikrentcar
Fixed in 1.3.3

References

CVE
CVE-2024-32780
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c01a8fbc-c16a-40e2-b628-f874cd3b21e4

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Steven Julian
Verified
No
WPVDB ID
be0bb361-0d2a-4f72-8b29-133368331168

Timeline

Publicly Published
2024-04-22 (about 1 year ago)
Added
2024-04-30 (about 1 year ago)
Last Updated
2024-04-30 (about 1 year ago)

Other

Published
Title
Published
2024-07-04
Title
Simple Job Board < 2.12.6 - Unauthenticated Resumes Download
Published
2026-01-16
Title
AWP Classifieds < 4.4.4 - Unauthenticated Information Exposure
Published
2024-08-08
Title
No Update Nag <= 1.4.12 - Unauthenticated Full Path Disclosure
Published
2024-02-12
Title
Frontend File Manager < 22.8 - Sensitive Information Exposure via user uploads
Published
2024-05-03
Title
Mooberry Book Manager < 4.15.13 - Unauthenticated Information Exposure via Export Files