Loading market data...
← Back to CVE feed

CVE-2024-58349

CRITICAL CVSS 9.8 View on NVD ↗

Description

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jun 08, 2026 02:16 UTC Modified: Jun 08, 2026 14:59 UTC