VYPR

Vikrentcar

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-39653CriAug 29, 2024
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0.

  • CVE-2026-52699HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.

  • CVE-2025-13724HigDec 2, 2025
    risk 0.49cvss 7.5epss 0.00

    The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation…

  • CVE-2024-32780MedApr 24, 2024
    risk 0.38cvss 5.9epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in E4J s.R.L. VikRentCar.This issue affects VikRentCar: from n/a through 1.3.2.

VYPR — Vulnerability Intelligence