CVE-2024-58349
CriticalCVSS 9.8Summary
The WordPress Theme Travelscape version 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.
Risk Assessment
This vulnerability poses a serious security risk, allowing attackers to execute remote code, which may lead to full control over the website and data breaches.
Recommendation
It is recommended to immediately update the Travelscape theme to the latest version to mitigate this vulnerability. Additionally, implementing further security measures, such as restricting file upload capabilities for unauthorized users, is advisable.
Original NVD description (English source)
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.

