RSS   Podatności dla 'Seur oficial'   RSS

2022-02-07
 
CVE-2021-25004

CWE-552
 

 
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.

 
2022-01-17
 
CVE-2021-25005

CWE-79
 

 
The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

 


Copyright 2024, cxsecurity.com

 

Back to Top