cleantalk
Vulnerabilities and Security Researches

VikRentCar Car Rental Management System, CVE-2025-5322

CVE, Research URL

CVE-2025-5322

Home page URL

Security reports for VikRentCar Car Rental Management System

Application

VikRentCar Car Rental Management System

Published on
Jul 04, 2025
Research Description
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
Affected versions
Min -, max 1.4.4.
Status
vulnerable
Previous vulnerability researches
Jobs for WordPress (CVE-2024-10104) , Nov 17, 2024
Jobs for WordPress (CVE-2025-1310) , Mar 26, 2025
Jobs for WordPress (CVE-2024-10105) , Mar 26, 2025
Jobs for WordPress (CVE-2025-50050) , Jul 03, 2025
Jobs for WordPress (CVE-2024-2833) , Jun 07, 2024
New vulnerability
Download Plugin (CVE-2025-6586) , Jul 05, 2025
Easy 3D Viewer (fb2e1bb3521d3147fbf4886d171a91edce069e89) , Jul 05, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5944) , Jul 05, 2025
Auto Thickbox (3ec8c103834f70650b61fa3cc46bc2b4a3c7abbf) , Jul 05, 2025
Smart Docs (CVE-2025-6787) , Jul 05, 2025