PatchSiren cyber security CVE debrief
CVE-2024-58349 WP Travel Kit CVE debrief
CVE-2024-58349 is a critical vulnerability in WordPress Theme Travelscape 1.0.3. The vulnerability allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation. The vulnerability has a CVSS score of 9.3 and is classified as CRITICAL.
- Vendor
- WP Travel Kit
- Product
- Travelscape
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of WordPress Theme Travelscape 1.0.3 should apply the necessary patches or updates to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by insufficient validation in the theme's upload functionality, allowing unauthenticated attackers to upload arbitrary files.
Defensive priority
high
Recommended defensive actions
- Apply the necessary patches or updates to WordPress Theme Travelscape 1.0.3.
- Restrict access to the theme's upload functionality.
- Monitor for suspicious file uploads and system activity.
Evidence notes
The vulnerability is reported by [email protected] and is referenced in [ref-4](https://www.exploit-db.com/exploits/51969) and [ref-5](https://www.vulncheck.com/advisories/wordpress-theme-travelscape-arbitrary-file-upload).
Official resources
CVE-2024-58349 was published on [cvePublishedAt] and modified on [cveModifiedAt].