cleantalk
Vulnerabilities and Security Researches

RentMy Real-Time Rental Management Plugin, CVE-2026-8690

CVE, Research URL

CVE-2026-8690

Home page URL

Security reports for RentMy Real-Time Rental Management Plugin

Application

RentMy Real-Time Rental Management Plugin

Published on
Jun 24, 2026
Research Description
The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read, create, update, and delete event records stored in the rentmy_events WordPress option, as well as overwrite the rentmy_locationId option.
Affected versions
max 4.0.4.1.
Status
vulnerable
Previous vulnerability researches
Tectite Forms (CVE-2026-9599) , Jun 04, 2026
New vulnerability
SearchPlus (CVE-2026-8617) , Jun 25, 2026
Email JavaScript Cloak (CVE-2026-10091) , Jun 25, 2026
Advanced Contact Form 7 – Compact DB (CVE-2026-12094) , Jun 25, 2026
All-In-One Intranet (CVE-2026-54837) , Jun 25, 2026
MDTF – Meta Data and Taxonomies Filter (CVE-2026-54845) , Jun 25, 2026