Missing Authorization in Car Rental Manager by MagePeople Team
CVE-2026-61985
5.3MEDIUM
What is CVE-2026-61985?
The Car Rental Manager plugin by MagePeople Team is susceptible to a Missing Authorization vulnerability, due to incorrectly configured access control security levels. This flaw allows attackers to bypass restrictions and potentially access unauthorized areas of the plugin, affecting versions of Car Rental Manager up to and including 1.3.7. It is crucial for users of this plugin to assess their security posture and apply necessary patches to mitigate the risk.
Affected Version(s)
Car Rental Manager 0 <= 1.3.7