CYBERHAWK / CVE / CVE-2026-9185

CVE-2026-9185

HIGH CVSS 7.5 other

The flaw

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_get_user_info` and `six_storage_update_pro

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-9185

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits