Grand Car Rental: Unapproved Actions Can Be Tricked into Occurring

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

Grand Car Rental: Unapproved Actions Can Be Tricked into Occurring

CVE-2026-39633

Summary

The Grand Car Rental website is vulnerable to a security issue known as Cross-Site Request Forgery. This means that an attacker could trick someone into doing something they didn't intend to do on the Grand Car Rental site, potentially resulting in unauthorized actions. To stay safe, update to the latest version of the software to fix this issue.

Original title

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9.

Original description

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9.

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://patchstack.com/database/Wordpress/Theme/grandcarrental/vulnerability/wor...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026