cleantalk
Vulnerabilities and Security Researches

VikRentCar Car Rental Management System, CVE-2024-11640

CVE, Research URL

CVE-2024-11640

Home page URL

Security reports for VikRentCar Car Rental Management System

Application

VikRentCar Car Rental Management System

Published on
Mar 08, 2025
Research Description
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 1.4.3.
Status
vulnerable
Previous vulnerability researches
VikRentCar Car Rental Management System (CVE-2024-1845) , Jul 13, 2024
VikRentCar Car Rental Management System (CVE-2023-23998) , Jun 06, 2024
VikRentCar Car Rental Management System (CVE-2021-24519) , Jun 06, 2024
VikRentCar Car Rental Management System (CVE-2024-32780) , Jun 06, 2024
VikRentCar Car Rental Management System (CVE-2021-24388) , Jun 06, 2024
New vulnerability
Printcart Web to Print Product Designer for WooCommerce (CVE-2025-24780) , Jul 05, 2025
bSecure – Your Universal Checkout (CVE-2025-52830) , Jul 05, 2025
DocCheck Login (CVE-2025-6786) , Jul 05, 2025
iFrame Images Gallery (CVE-2025-30969) , Jul 05, 2025
Video Gallery Block – Display your videos as a gallery in a professional way (CVE-2025-27326) , Jul 05, 2025