CVE Catalog

CVE-2024-58349

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

The WordPress Theme Travelscape version 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.

Risk Assessment

This vulnerability poses a serious security risk, allowing attackers to execute remote code, which may lead to full control over the website and data breaches.

Recommendation

It is recommended to immediately update the Travelscape theme to the latest version to mitigate this vulnerability. Additionally, implementing further security measures, such as restricting file upload capabilities for unauthorized users, is advisable.

Original NVD description (English source)

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS