CVE-2026-57660
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
The Booking and Rental Manager plugin version 2.7.1 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to booking and rental management functions.
Risk Assessment
The risk involves potential unauthorized reading, modification, or deletion of booking data by unauthenticated users. This could lead to a breach of confidentiality and integrity of business data.
Recommendation
Immediately update the Booking and Rental Manager plugin to the latest available version. If an update is not possible, consider temporarily disabling the plugin until a patch is released.
Original NVD description (English source)
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.

