A vulnerability was found in sixstorage 6Storage Rentals Plugin up to 2.22.0 on WordPress. It has been declared as problematic . This vulnerability affects the function six_storage_getUserInfo of the component Request Handler . The manipulation of the argument userId results in authorization bypass. This vulnerability was named CVE-2026-9185 . The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.