CVE Vulnerabilities

CVE-2024-6459

Published: Aug 17, 2024 | Modified: May 27, 2025

CVSS 3.x

N/A

Source:

NVD

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-6459
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.

Affected Software

Name	Vendor	Start Version	End Version
News_element	Webangon	*	1.0.6 (excluding)

References

https://wpscan.com/vulnerability/330359fa-d085-4923-b5a8-c0e2e5267247/

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.