cleantalk
Vulnerabilities and Security Researches

VikRentCar Car Rental Management System, CVE-2025-5322

CVE, Research URL

CVE-2025-5322

Home page URL

Security reports for VikRentCar Car Rental Management System

Application

VikRentCar Car Rental Management System

Published on
Jul 04, 2025
Research Description
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
Affected versions
Min -, max 1.4.4.
Status
vulnerable
Previous vulnerability researches
Custom Product Tabs For WooCommerce (CVE-2024-12721) , Dec 22, 2024
New vulnerability
VikRentCar Car Rental Management System (CVE-2025-5322) , Jul 04, 2025
GoZen Forms (CVE-2025-6783) , Jul 04, 2025
GoZen Forms (CVE-2025-6782) , Jul 04, 2025
CSV Importer Improved (CVE-2025-50013) , Jul 04, 2025
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more (CVE-2025-53203) , Jul 04, 2025