WordPress Plugin Vulnerabilities

WP Travel Engine < 6.8.1 - Subscriber+ Arbitrary Media File Move via user_profile_image

Description

The plugin does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their own profile-image path. This removes the targeted media from its original location and can break content across the site.

Proof of Concept

Affects Plugins

Fixed in 6.8.1

References

Classification

Type
FILE DELETION
CWE

Miscellaneous

Original Researcher
marim00
Submitter
marim00
Verified
Yes

Timeline

Publicly Published
2026-06-16 (about 22 days ago)
Added
2026-06-16 (about 21 days ago)
Last Updated
2026-06-16 (about 21 days ago)

Other