9.8
CVE-2024-6459
- EPSS 4.35%
- Veröffentlicht 17.08.2024 06:15:03
- Zuletzt bearbeitet 27.05.2025 17:48:22
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginNews Element Elementor Blog Magazine <= 1.0.5 - Unauthenticated Local File Inlcusion
The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
Mögliche Gegenmaßnahme
News Element Elementor Blog Magazine: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
News Element Elementor Blog Magazine
Version
* - 1.0.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Webangon ≫ News Element SwPlatformwordpress Version < 1.0.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.35% | 0.884 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|