WordPress Plugin Vulnerabilities
WP Travel Engine < 6.8.1 - Subscriber+ Arbitrary Media File Move via user_profile_image
Description
The plugin does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their own profile-image path. This removes the targeted media from its original location and can break content across the site.
Proof of Concept
Affects Plugins
References
CVE
Classification
Type
FILE DELETION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
marim00
Submitter
marim00
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2026-06-16 (about 22 days ago)
Added
2026-06-16 (about 21 days ago)
Last Updated
2026-06-16 (about 21 days ago)