Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 6
Critical: 0
High: 4
Medium: 2
Showing 1-6 of 6 records
Threat Entry Updated 2025-12-02

CVE-2025-13724 - Vikrentcar Car Rental Management System Plugin

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Vikrentcar Car Rental Management System

CVE-2025-13724

HIGH CVSS 7.5 2025-12-02
Threat Entry Updated 2025-07-10

CVE-2025-5322 - Vikrentcar Car Rental Management System Plugin

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.

PLUGIN Vikrentcar Car Rental Management System

CVE-2025-5322

HIGH CVSS 7.2 2025-07-03
Threat Entry Updated 2025-03-11

CVE-2024-11640 - Vikrentcar Car Rental Management System Plugin

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make…

PLUGIN Vikrentcar Car Rental Management System

CVE-2024-11640

HIGH CVSS 8.8 2025-03-08
Threat Entry Updated 2024-11-21

CVE-2021-24519 - Vikrentcar Car Rental Management System Plugin

The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high-privilege users such as admin to use an XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue.

PLUGIN Vikrentcar Car Rental Management System

CVE-2021-24519

MEDIUM CVSS 4.8 2021-08-16
Threat Entry Updated 2024-11-21

CVE-2021-24388 - Vikrentcar Car Rental Management System Plugin

In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom field option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cross-Site Scripting issue. There is also no CSRF check done before saving the setting, allowing attackers to make a logged-in admin set arbitrary Custom Fields, including one with an XSS payload in it.

PLUGIN Vikrentcar Car Rental Management System

CVE-2021-24388

MEDIUM CVSS 5.4 2021-07-06