CVE-2024-6459

News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI

Description

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.

INFO

Published Date :

2024-08-17T06:00:02.718Z

Last Modified :

2024-09-13T14:04:34.741Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2024-6459 vulnerability.

Vendors	Products
News Element Elementor Blog Magazine	Wordpress Plugin
Webangon	News Element

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6459.

URL	Resource
https://wpscan.com/vulnerability/330359fa-d085-4923-b5a8-c0e2e5267247/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact