CVE-2026-56059
Deferred Deferred - Pending Action

Subscriber Arbitrary File Upload in Travel Booking

Vulnerability report for CVE-2026-56059, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack travel_booking_theme to 2.2.6 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress Travel Booking Theme, versions 2.2.5 and earlier, contains an Arbitrary File Upload vulnerability. This means attackers can upload malicious files, such as backdoors, to a website using this theme. This vulnerability is considered high priority with a CVSS score of 9.9.

Detection Guidance

The vulnerability allows attackers to upload arbitrary files, including backdoors, to a website using the WordPress Travel Booking Theme versions 2.2.5 and earlier.

Detection typically involves monitoring for unusual file uploads or web requests attempting to exploit the arbitrary file upload flaw.

Patchstack has provided a mitigation rule to block attacks until the update is applied, which can be used to detect or prevent exploitation attempts.

Specific commands or detection scripts are not provided in the available resources.

Impact Analysis

This vulnerability can allow attackers to gain unauthorized access to your website by uploading malicious files. These files can be used to take control of the site, execute further attacks, or compromise sensitive data. The risk is significant as it can lead to complete website compromise.

Compliance Impact

The vulnerability allows attackers to upload malicious files, including backdoors, which can lead to unauthorized access and further exploitation of the website.

Such unauthorized access and potential data breaches could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data.

However, the provided information does not explicitly detail the direct effects on compliance with these regulations.

Mitigation Strategies

Immediate action is advised to mitigate this high severity vulnerability.

  • Update the WordPress Travel Booking Theme to version 2.2.6 or later, which resolves the arbitrary file upload issue.
  • Apply the mitigation rule provided by Patchstack to block attacks targeting this vulnerability until the update is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56059. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart