CVE-2026-56059
Deferred - Pending Action
Subscriber Arbitrary File Upload in Travel Booking

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: patchstack
Product: travel_booking_theme
Version / Range: up to 2.2.6 (exclusive)
CWE ID: CWE-434
Description: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Impact Analysis

This vulnerability can allow attackers to gain unauthorized access to your website by uploading malicious files. These files can be used to take control of the site, execute further attacks, or compromise sensitive data. The risk is significant as it can lead to complete website compromise.

Executive Summary

The WordPress Travel Booking Theme, versions 2.2.5 and earlier, contains an Arbitrary File Upload vulnerability. This means attackers can upload malicious files, such as backdoors, to a website using this theme. This vulnerability is considered high priority with a CVSS score of 9.9.

Detection Guidance

The vulnerability allows attackers to upload arbitrary files, including backdoors, to a website using the WordPress Travel Booking Theme versions 2.2.5 and earlier.

Detection typically involves monitoring for unusual file uploads or web requests attempting to exploit the arbitrary file upload flaw.

Patchstack has provided a mitigation rule to block attacks until the update is applied, which can be used to detect or prevent exploitation attempts.

Specific commands or detection scripts are not provided in the available resources.

Mitigation Strategies

Immediate action is advised to mitigate this high severity vulnerability.

  • Update the WordPress Travel Booking Theme to version 2.2.6 or later, which resolves the arbitrary file upload issue.
  • Apply the mitigation rule provided by Patchstack to block attacks targeting this vulnerability until the update is applied.

Compliance Impact

The vulnerability allows attackers to upload malicious files, including backdoors, which can lead to unauthorized access and further exploitation of the website.

Such unauthorized access and potential data breaches could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data.

However, the provided information does not explicitly detail the direct effects on compliance with these regulations.
