Vulnerabilities and security researches fornews-element news-element

Aug 03, 2024

CVE, Research URL: CVE-2024-6459
Home page URL: Security reports for News Element Elementor Blog Magazine
Application: News Element Elementor Blog Magazine
Date: Aug 17, 2024
Research Description: The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
Affected versions: max 1.0.6.
Status: vulnerable

Apr 06, 2025

CVE, Research URL: CVE-2025-32191
Home page URL: Security reports for News Element Elementor Blog Magazine
Application: News Element Elementor Blog Magazine
Date: Apr 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon News Element Elementor Blog Magazine allows DOM-Based XSS. This issue affects News Element Elementor Blog Magazine: from n/a through 1.0.7.
Affected versions: max 1.0.7.
Status: vulnerable

Apr 16, 2026

CVE, Research URL: CVE-2026-2284
Home page URL: Security reports for News Element Elementor Blog Magazine
Application: News Element Elementor Blog Magazine
Date: Feb 19, 2026
Research Description: The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne_clean_data' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to truncate 8 core WordPress database tables (posts, comments, terms, term_relationships, term_taxonomy, postmeta, commentmeta, termmeta) and delete the entire WordPress uploads directory, resulting in complete data loss.
Affected versions: max 1.0.8.
Status: vulnerable