CVE-2024-58349 is a critical vulnerability in WordPress Theme Travelscape 1.0.3. The vulnerability allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation. The vulnerability has a C [truncated]
CVE-2023-54352 is a critical remote code execution vulnerability in the WordPress Seotheme plugin. The vulnerability allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access. The vulnerabil [truncated]
