Vulnerability in Wp Travel Engine
CVE-2026-10834
The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitra…
Affected products
- Unknown Wp Travel Engine — versions 0
References
- contact@wpscan.com (technical-description, exploit, vdb-entry)