Vulnerabilities > Seur Oficial Project > Seur Oficial > 1.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-07 | CVE-2021-25004 | Files or Directories Accessible to External Parties vulnerability in Seur Oficial Project Seur Oficial The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page. | 4.9 |