MEDIUM
rentmy
CVE published 2026-06-24
CVE-2026-8690
The RentMy Real-Time Rental Management Plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 4.0.4.1. The plugin fails to properly verify user authorization for certain actions, allowing unauthenticated attackers to read, create, update, and delete event records stored in the rentmy_events WordPress option. Additionally, attackers can overwrite the rentmy_locat [truncated]