PT-2026-51685 · Rentmy · Rentmy Real-Time Rental Management Plugin

Abhirup Konwar

Published

2026-06-24

Updated

2026-06-24

CVE-2026-8690

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read, create, update, and delete event records stored in the rentmy events WordPress option, as well as overwrite the rentmy locationId option.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2026-8690

Affected Products

Rentmy Real-Time Rental Management Plugin

PT-2026-51685 · Rentmy · Rentmy Real-Time Rental Management Plugin

CVE-2026-8690

Weakness Enumeration

Related Identifiers

Affected Products

References · 6