VYPR

6storage Rentals

by WordPress

Source repositories

CVEs (5)

  • CVE-2026-9185HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_get_user_info` and `six_storage_update_profile` AJAX actions. This is due to the…

  • CVE-2025-47619MedMay 23, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2.

  • CVE-2025-67623MedDec 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.22.0.

  • CVE-2025-32178MedApr 4, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 6Storage Rentals: from n/a through <= 2.20.2.

  • CVE-2023-26002MedJun 6, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.