Vulnerabilities > Seur Oficial Project

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-07	CVE-2021-25004	Files or Directories Accessible to External Parties vulnerability in Seur Oficial Project Seur Oficial The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page. network low complexity seur-oficial-project CWE-552	4.0
2022-01-17	CVE-2021-25005	Cross-site Scripting vulnerability in Seur Oficial Project Seur Oficial The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed network seur-oficial-project CWE-79	3.5

Vulnerabilities > Seur Oficial Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Seur Oficial Project"}]}