CVE Catalog

CVE-2026-56059

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Summary

In the Travel Booking plugin version 2.2.5 and earlier, a vulnerability was found that allows a subscriber-level user to upload arbitrary files to the server. This flaw can be exploited to upload malicious software.

Risk Assessment

An attacker with low privileges can upload dangerous files, potentially leading to server compromise or data theft.

Recommendation

Immediately update the Travel Booking plugin to the latest available version and restrict user permissions to the minimum necessary.

Original NVD description (English source)

Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS