cleantalk
Vulnerabilities and Security Researches

Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin, CVE-2025-49904

CVE, Research URL

CVE-2025-49904

Home page URL

Security reports for Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin

Application

Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin

Published on
Nov 06, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Reflected XSS.This issue affects Booking and Rental Manager: from n/a through <= 2.5.3.
Affected versions
max 2.5.3.
Status
vulnerable
Previous vulnerability researches
Elizaibots (CVE-2025-49893) , Aug 20, 2025
New vulnerability
One Page Express Companion (CVE-2025-62052) , Nov 11, 2025
Boldermail – Email Marketing and Newsletters for WordPress (CVE-2025-52740) , Nov 11, 2025
Block Country (CVE-2025-48077) , Nov 11, 2025
Attesa Extra (CVE-2025-62971) , Nov 11, 2025
Content Locker for Elementor (CVE-2025-10896) , Nov 11, 2025