Close Menu
    Subscribe
    Alerts

    CVE-2024-58349 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme’s upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.

    PUBLISHED Reserved 2026-06-06 | Published 2026-06-08 | Updated 2026-06-08 | Assigner VulnCheck

    CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

    CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Problem types

    Unrestricted Upload of File with Dangerous Type

    Product status

    1.0.3
    affected

    Credits

    Milad Karimi (Ex3ptionaL) finder

    References

    www.exploit-db.com/exploits/51969 (ExploitDB-51969) exploit

    www.vulncheck.com/…theme-travelscape-arbitrary-file-upload (VulnCheck Advisory: WordPress Theme Travelscape 1.0.3 Arbitrary File Upload) third-party-advisory

    cve.org (CVE-2024-58349)

    nvd.nist.gov (CVE-2024-58349)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.