Vulnerability in Wp Travel Engine

CVE-2026-10834

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitra…

Affected products

  • Unknown Wp Travel Engine — versions 0

References