ГлавнаяУязвимости → CVE-2024-58349
9.8критическая

CVE-2024-58349

Описание

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.exploit-db.com/exploits/51969https://www.vulncheck.com/advisories/wordpress-theme-travelscape-arbitrary-file-upload