CVE-2025-47619: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-47619) was discovered in 6Storage Rentals WordPress plugin, affecting versions up to 2.19.4. The vulnerability was disclosed on May 16, 2025, and allows Path Traversal due to broken access control issues (Patchstack, Wiz).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 Base Score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The issue stems from missing authorization checks that could allow unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability is considered highly dangerous and expected to become mass exploited. It primarily affects the confidentiality of the system, as indicated by the CVSS metrics showing high confidentiality impact but no impact on integrity or availability (Patchstack).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the virtual patch immediately (Patchstack).