CVE-2021-25004
N/A
N/A
Summary
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | SEUR Oficial | 1.7.2 < 1.7.2 | affected |
Weaknesses
- CWE-552: CWE-552 Files or Directories Accessible to External Parties
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.