GHSA-976h-hgxf-4vrcCriticalCVSS 9.8

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows...

Published
June 8, 2026
Last Modified
June 8, 2026

🔗 CVE IDs covered (1)

📋 Description

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.

🔗 References (4)