Vulnerabilities and security researches for6storage-rentals 6storage-rentals

Apr 05, 2025

CVE, Research URL: CVE-2025-32178
Home page URL: Security reports for 6Storage Rentals
Application: 6Storage Rentals
Date: Apr 04, 2025
Research Description: Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.18.0.
Affected versions: max 2.18.0.
Status: vulnerable

Jun 01, 2025

CVE, Research URL: CVE-2025-47619
Home page URL: Security reports for 6Storage Rentals
Application: 6Storage Rentals
Date: May 23, 2025
Research Description: Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4.
Affected versions: max 2.19.4.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2023-26002
Home page URL: Security reports for 6Storage Rentals
Application: 6Storage Rentals
Date: Jun 06, 2025
Research Description: Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.
Affected versions: max 2.19.7.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-67623
Home page URL: Security reports for 6Storage Rentals
Application: 6Storage Rentals
Date: Dec 24, 2025
Research Description: Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.19.9.
Affected versions: max 2.19.9.
Status: vulnerable

Jun 11, 2026

CVE, Research URL: CVE-2026-9185
Home page URL: Security reports for 6Storage Rentals
Application: 6Storage Rentals
Date: Jun 09, 2026
Research Description: The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_get_user_info` and `six_storage_update_profile` AJAX actions. This is due to the `six_storage_getUserInfo()` and `six_storage_updateProfile()` functions being registered on `wp_ajax_nopriv_*` hooks and accepting a tenant identifier directly from `$_POST['userId']` without performing any ownership verification, session binding, or nonce validation to confirm the requester has a legitimate relationship to the supplied ID. This makes it possible for unauthenticated attackers to read and modify arbitrary tenants' profile data — including name, email address, phone number, physical address, and SSN — by supplying an enumerated `userId` value in a crafted request to either handler.
Affected versions: max 2.22.0.
Status: vulnerable