PatchSiren

CVE-2026-57660 magepeopleteam CVE debrief

CVE-2026-57660 is a medium-severity vulnerability (CVSS 5.3) in the Booking and Rental Manager plugin for WordPress, versions up to 2.7.1. It is a broken access control flaw that can be reached without authentication, potentially enabling attackers to access sensitive information or perform unauthorized actions. The vulnerability was published on June 26, 2026, and last modified on June 29, 2026. The vendor and product information is not confirmed: the canonical source is listed as 'reference_domain_weak' with a confidence level of 'low'.

Vendor: magepeopleteam
Product: Booking and Rental Manager
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-26
Original CVE updated: 2026-06-29
Advisory published: 2026-06-26
Advisory updated: 2026-06-29

Who should care

Administrators and users of the Booking and Rental Manager plugin for WordPress, version 2.7.1 or earlier, should be aware of this vulnerability and take necessary actions to mitigate the risk. This vulnerability could potentially allow unauthorized access to sensitive information or enable attackers to perform malicious actions. Users should check their plugin versions and update to a patched version as soon as possible.

Technical summary

The vulnerability is caused by broken access control, reachable without authentication, in the Booking and Rental Manager plugin for WordPress, versions up to 2.7.1. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N: the flaw can be exploited over the network (AV:N) with low attack complexity (AC:L), no privileges (PR:N) and no user interaction (UI:N). The vulnerability allows attackers to perform unauthorized actions, potentially leading to data breaches or other security incidents, although the vector itself scores only a low integrity impact (I:L) with no confidentiality (C:N) or availability (A:N) impact.

Defensive priority

Patching this vulnerability is a medium priority: it is a broken access control flaw that needs no authentication, and it carries a medium CVSS score. Administrators should move it up the queue if the plugin is used in a sensitive environment or on a site with a large attack surface.

Recommended defensive actions

  • Update the Booking and Rental Manager plugin to a patched version as soon as possible.
  • Review and monitor plugin usage and access controls to prevent unauthorized actions.
  • Implement additional security measures, such as web application firewalls and intrusion detection systems, to detect and prevent exploitation attempts.
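
To find installs that still need the update, the following added example (not code from PatchSiren, the CVE record or the plugin's authors) scans a `wp-content/plugins` directory, reads each plugin's standard WordPress header, and flags versions up to 2.7.1. It assumes the plugin's `Plugin Name` header contains "Booking and Rental Manager" and that versions are dotted numbers; the sample tree, its directory names and the version 3.0.0 are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (2, 7, 1)                   # from the advisory: versions up to 2.7.1
NAME_MARKER = "booking and rental manager"  # assumption: appears in the Plugin Name header
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def read_headers(php_file):
    """Return WordPress plugin header fields found in the first 8 KiB of a file."""
    text = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER.findall(text)}

def parse_version(raw):
    """'2.7.1' -> (2, 7, 1); a suffix such as '-beta' is ignored."""
    nums = [int(n) for n in re.findall(r"\d+", raw.split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums)))

def find_affected(plugins_dir):
    """Return (directory, version, affected) for every matching plugin found."""
    results = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        headers = read_headers(php)
        if NAME_MARKER in headers.get("plugin name", "").lower() and "version" in headers:
            version = headers["version"]
            results.append((php.parent.name, version,
                            parse_version(version) <= LAST_AFFECTED))
    return results

def demo():
    """Constructed sample tree: one affected install, one newer, one unrelated."""
    samples = {
        "site-a-rental": ("Booking and Rental Manager", "2.7.1"),
        "site-b-rental": ("Booking and Rental Manager", "3.0.0"),  # constructed, not the real fix version
        "other-plugin": ("Contact Form", "1.0"),
    }
    with tempfile.TemporaryDirectory() as root:
        for slug, (name, version) in samples.items():
            plugin_dir = Path(root, slug)
            plugin_dir.mkdir()
            plugin_dir.joinpath(slug + ".php").write_text(
                f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
        return find_affected(root)

if __name__ == "__main__":
    for slug, version, affected in demo():
        print(f"{slug}: {version} -> {'UPDATE REQUIRED' if affected else 'ok'}")
```

On a real host, call `find_affected()` with the site's `wp-content/plugins` path; a version string with no digits parses as 0.0.0 and is reported as affected so that it gets a manual look.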

Evidence notes

The vulnerability information is based on the CVE record and NVD details. The vendor and product information is not confirmed, with the canonical source listed as 'reference_domain_weak' and confidence level as 'low'. The Patchstack database provides additional information on the vulnerability, including mitigation and vendor references.

Official resources

This article is AI-assisted and based on the supplied source corpus.