VikRentItems Plugin Vulnerability

MEDIUM (6.1) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.09% chance of exploitation (percentile: 26%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The VikRentItems Flexible Rental Management System plugin is a WordPress extension used by some organizations to manage rental items. This vulnerability allows attackers to inject arbitrary web scripts into pages; the scripts execute if the attacker can trick a user into performing an action, such as clicking on a link.

Am I affected?

You're affected if you use VikRentItems Flexible Rental Management System. Specific version information is not stated in the advisory.

Affected Products

WordPress.org / VikRentItems Plugin

How to fix

To fix this vulnerability, you can:

  1. Upgrade to a patched version of the VikRentItems plugin (version 1.2.1 or later). You can download the latest version from the WordPress Plugin Directory: https://wordpress.org/plugins/vikrentitems/
  2. Immediate mitigations:
     - Restrict network access to your WordPress installation (firewall it from the public internet)
     - Audit plugin activity for suspicious access patterns
     - Monitor for unauthorized plugin updates
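
To confirm step 1 across one or more sites, the following added example (not part of the advisory or the plugin's code) reads the installed version from the plugin header and compares it with 1.2.1. It assumes the plugin is installed under a directory named after the slug in the URL above, `vikrentitems`, inside each `wp-content/plugins` directory you pass in.

```python
import re
import sys
from pathlib import Path

FIXED_VERSION = "1.2.1"       # first patched release, per this advisory
PLUGIN_SLUG = "vikrentitems"  # assumption: directory name equals the plugin directory slug

# WordPress-style header lines such as " * Version: 1.2.0"
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$", re.I | re.M)


def read_plugin_header(plugin_dir):
    """Return (name, version) from the first top-level PHP file carrying a plugin header."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # WordPress only inspects the first 8 KiB of a file and normalises CR to LF.
        head = php.read_bytes()[:8192].decode("utf-8", "replace").replace("\r", "\n")
        fields = {}
        for key, value in HEADER_RE.findall(head):
            fields.setdefault(key.lower(), value)
        if "plugin name" in fields:
            return fields["plugin name"], fields.get("version")
    return None, None


def version_tuple(text, width=4):
    """Turn '1.2' or '1.2.1-beta' into a fixed-width tuple so 1.10 sorts above 1.2.1."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:width]
    return tuple(nums + [0] * (width - len(nums)))


def check(plugins_root):
    """Return 'absent', 'unknown', 'vulnerable' or 'patched' for one plugins directory."""
    plugin_dir = Path(plugins_root) / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "absent"
    _, version = read_plugin_header(plugin_dir)
    if not version:
        return "unknown"  # header missing or unreadable: treat as needing review
    return "patched" if version_tuple(version) >= version_tuple(FIXED_VERSION) else "vulnerable"


if __name__ == "__main__":
    # Usage: python check_vikrentitems.py /var/www/site1/wp-content/plugins [more roots...]
    needs_action = False
    for root in sys.argv[1:]:
        status = check(root)
        print(f"{root}: {PLUGIN_SLUG} {status}")
        needs_action |= status in ("vulnerable", "unknown")
    sys.exit(1 if needs_action else 0)
```

The non-zero exit status on `vulnerable` or `unknown` lets the script gate a cron job or CI step.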