CVE-2024-6459

2024-08-17 06:15:03
WPScan
web.nvd.nist.gov
wordpress plugin
local file inclusion
unauthenticated attacker
php code

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7
Confidence: High

EPSS: 0
Percentile: 9.5%

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.

Affected configurations

Node: themerex buzz_stone-magazine_\&_blog, Range <1.0.6, wordpress

Vendor: themerex
Product: buzz_stone-magazine_\&_blog
Version: *
CPE: cpe:2.3:a:themerex:buzz_stone-magazine_\&_blog:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "News Element Elementor Blog Magazine",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.0.6"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
