CVSS: 5.3EPSS: %CPEs: 1EXPL: 0CVE-2025-39390 – Booking and Rental Manager <= 2.3.7 - Missing Authorization
https://notcve.org/view.php?id=CVE-2025-39390
18 Apr 2025 — The Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.7. This makes it possible for unauthenticated attackers to perform an unauthorized action. • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39457 – WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-39457
17 Apr 2025 — Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.8. The Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.8. This makes it possible for unauthenticated atta... • https://patchstack.com/database/wordpress/plugin/booking-and-rental-manager-for-woocommerce/vulnerability/wordpress-booking-and-rental-manager-plugin-2-2-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27011 – WordPress Booking and Rental Manager plugin <= 2.2.8 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-27011
11 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager allows PHP Local File Inclusion. This issue affects Booking and Rental Manager: from n/a through 2.2.8. The Booking and Rental Manager plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execut... • https://patchstack.com/database/wordpress/plugin/booking-and-rental-manager-for-woocommerce/vulnerability/wordpress-booking-and-rental-manager-plugin-2-2-8-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26921 – WordPress Booking and Rental Manager Plugin <= 2.2.6 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-26921
23 Feb 2025 — Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager allows Object Injection. This issue affects Booking and Rental Manager: from n/a through 2.2.6. The Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above... • https://patchstack.com/database/wordpress/plugin/booking-and-rental-manager-for-woocommerce/vulnerability/wordpress-booking-and-rental-manager-plugin-2-2-6-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22720 – WordPress WpRently | WordPress plugin plugin <= 2.2.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-22720
15 Jan 2025 — Missing Authorization vulnerability in MagePeople Team Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.1. The Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated att... • https://patchstack.com/database/wordpress/plugin/booking-and-rental-manager-for-woocommerce/vulnerability/wordpress-wprently-wordpress-plugin-plugin-2-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •