CVE-2026-10834
Received Received - Intake

WP Travel Engine File Relocation Vulnerability

Vulnerability report for CVE-2026-10834, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: WPScan

Description

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their own profile-image path. This removes the targeted media from its original location and can break content across the site.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wp_travel_engine wp_travel_engine to 6.8.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability CVE-2026-10834 affects the WP Travel Engine WordPress plugin versions prior to 6.8.1. It occurs because the plugin does not properly validate the source of a user-supplied profile image path before moving the file.

This flaw allows authenticated users with subscriber-level access or higher to relocate arbitrary files within the WordPress uploads directory into their own profile-image path.

As a result, the targeted media file is removed from its original location, which can break content across the site.

The attack involves logging in as a low-privileged user, obtaining a nonce from the account dashboard, and submitting a crafted request to move the target file.

Impact Analysis

This vulnerability can impact you by allowing low-privileged authenticated users to move arbitrary files within the WordPress uploads directory.

The targeted media files are removed from their original locations, which can cause broken content or missing media across your website.

This can degrade the user experience and potentially disrupt site functionality that relies on those media files.

Detection Guidance

This vulnerability can be detected by monitoring for unusual file move operations within the WordPress uploads directory, especially those initiated by authenticated users with subscriber-level access or higher.

Specifically, detection involves checking for requests that submit a crafted profile image path to move arbitrary files, which can be identified by analyzing logs for POST requests containing nonces and profile image path parameters.

Commands to help detect this activity could include:

  • Reviewing web server access logs for suspicious POST requests to the account dashboard endpoint that include nonces and profile image path parameters.
  • Using grep or similar tools to search for such requests, for example: `grep -i 'profile_image_path' /var/log/apache2/access.log` or `grep -i 'nonce' /var/log/apache2/access.log`.
  • Monitoring file system changes in the WordPress uploads directory to detect unexpected file moves or missing media files.
Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the WP Travel Engine WordPress plugin to version 6.8.1 or later, where the issue has been fixed.

Until the update can be applied, restrict subscriber-level and higher users from accessing the profile image upload or modification features if possible.

Additionally, monitor the uploads directory for unauthorized file moves and review user activity logs for suspicious behavior.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10834. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart