CVE-2024-58349

CRITICAL(9.8)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Risk Signal Score30/100 — MITTEL

CVSS 9.8 — Kritisch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

9.8

Technische Schwere

Beschreibung

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.

Referenzen

https://www.exploit-db.com/exploits/51969
https://www.vulncheck.com/advisories/wordpress-theme-travelscape-arbitrary-file-...