Missing Authorization in Car Rental Manager by MagePeople Team
CVE-2026-61985

5.3MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
13 July 2026

What is CVE-2026-61985?

The Car Rental Manager plugin by MagePeople Team is susceptible to a Missing Authorization vulnerability, due to incorrectly configured access control security levels. This flaw allows attackers to bypass restrictions and potentially access unauthorized areas of the plugin, affecting versions of Car Rental Manager up to and including 1.3.7. It is crucial for users of this plugin to assess their security posture and apply necessary patches to mitigate the risk.

Affected Version(s)

Car Rental Manager 0 <= 1.3.7

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

V1t | Patchstack Bug Bounty Program
.