CVE-2025-26921

Published Mar 15, 2025

Last updated 3 months ago

CVSS high 8.8

Overview

Description
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager allows Object Injection. This issue affects Booking and Rental Manager: from n/a through 2.2.6.
Source
audit@patchstack.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

audit@patchstack.com
CWE-502

Social media

Hype score
Not currently trending

  1. CVE-2025-26921 (CVSS:8.8, HIGH) is Awaiting Analysis. Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager allows Object Injection. Th..https://t.co/K4cOXIq8k6 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    20 Mar 2025

    8 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ๐Ÿšจ CVE-2025-26921 ๐Ÿ”ด HIGH (8.8) ๐Ÿข magepeopleteam - Booking and Rental Manager ๐Ÿ—๏ธ Unknown Version ๐Ÿ”— https://t.co/KbQG3kl8Fk #CyberCron #VulnAlert #InfoSec https://t.co/4NhaDeaCfG

    @cybercronai

    17 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. New post from https://t.co/uXvPWJy6tj (CVE-2025-26921 | magepeopleteam Booking and Rental Manager Plugin up to 2.2.6 on WordPress deserialization) has been published on https://t.co/nwCviL01UZ

    @WolfgangSesin

    16 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-26921: HIGH] Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager allows Object Injection. This issue affects Booking and Rental Manager: from n/a through 2.2.6.#cybersecurity,#vulnerability https://t.co/UM1kY5EOFr https://t.co/PM

    @CveFindCom

    15 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-26921 Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager allows Object Injection. This issue affects Booking and Rental Manager: fโ€ฆ https://t.co/sxHIH9H0wk

    @CVEnew

    15 Mar 2025

    179 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.