CVE-2024-58349

Severity CVSS v4.0:
CRITICAL
Type:
CWE-434 Unrestricted Upload of File with Dangerous Type
Publication date:
08/06/2026
Last modified:
08/06/2026

Description

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.