WordPress RentSyst plugin <= 2.0.92 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

July 4, 2025 invoker category_cve

CVE Details

Basic Information

Title WordPress RentSyst plugin <= 2.0.92 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Type cve
Published 2025-04-09T16:09:43.309Z
Modified 2025-06-11T16:25:14.514Z

Product Information

Vendor dimafreund
Product RentSyst
Version n/a

CVSS Information

Base Score 7.1 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Analysis

AI Description A Cross-Site Request Forgery (CSRF) vulnerability in the RentSyst plugin allows Stored XSS, enabling attackers to execute malicious scripts on users’ browsers, posing a significant security risk.
AI Severity High
AI Vendor WordPress Community
AI Product RentSyst
AI Version 2.0.92

Affected Products

  • dimafreund RentSyst n/a

Additional Information

CWE List CWE-352
Source Patchstack

Description

Cross-Site Request Forgery (CSRF) vulnerability in dimafreund RentSyst allows Stored XSS. This issue affects RentSyst: from n/a through 2.0.92.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.