Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2025/05/25 1:19 p.m.4 views

CVE-2025-46474

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SEUR OFICIAL SEUR Oficial seur allows PHP Local File Inclusion.This issue affects SEUR Oficial: from n/a through = 2.2.23...

8.1CVSS7.2AI score0.00649EPSS
Exploits0References1
NVD
NVD
added 2025/05/23 1:15 p.m.4 views

CVE-2025-46474

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SEUR OFICIAL SEUR Oficial seur allows PHP Local File Inclusion.This issue affects SEUR Oficial: from n/a through = 2.2.23...

8.1CVSS0.00649EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/23 12:43 p.m.11 views

CVE-2025-46474 WordPress SEUR Oficial plugin <= 2.2.23 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SEUR OFICIAL SEUR Oficial seur allows PHP Local File Inclusion.This issue affects SEUR Oficial: from n/a through = 2.2.23...

8.1CVSS0.00649EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/23 12:43 p.m.3 views

CVE-2025-46474 WordPress SEUR Oficial <= 2.2.23 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SEUR OFICIAL SEUR Oficial allows PHP Local File Inclusion. This issue affects SEUR Oficial: from n/a through 2.2.23...

8.1CVSS8.3AI score0.00649EPSS
Exploits0References1
CVE
CVE
added 2025/05/23 12:43 p.m.39 views

CVE-2025-46474

CVE-2025-46474 = Unauthenticated Local File Inclusion in WordPress SEUR Oficial plugin

8.1CVSS7.2AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:13 a.m.7 views

CVE-2024-9438

The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.4AI score0.0036EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/23 12:0 a.m.1 views

WordPress plugin SEUR Oficial 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS8.3AI score0.00649EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/23 12:0 a.m.3 views

PT-2025-22731 · Unknown · Seur Oficial

Name of the Vulnerable Software and Affected Versions: SEUR Oficial versions n/a through 2.2.23 Description: The issue affects SEUR Oficial due to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' or PHP Local File Inclusion...

8.1CVSS8.7AI score0.00649EPSS
Exploits0References3
NVD
NVD
added 2024/10/29 9:15 a.m.10 views

CVE-2024-9438

The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.0036EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/29 8:31 a.m.12 views

CVE-2024-9438 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting

The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.0036EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/29 8:31 a.m.6 views

CVE-2024-9438 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting

The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.5AI score0.0036EPSS
Exploits0References3
CVE
CVE
added 2024/10/29 8:31 a.m.47 views

CVE-2024-9438

CVE-2024-9438 (SEUR Oficial plugin for WordPress) : Affected product is the SEUR Oficial WordPress plugin. The vulnerability is a Reflected Cross-Site Scripting (XSS) via the change_service parameter in all versions up to 2.2.11, caused by insufficient input sanitization and output escaping. Unau...

6.1CVSS6AI score0.0036EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.5 views

WordPress plugin SEUR Oficial 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.1CVSS6.6AI score0.0036EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/28 8:43 p.m.4 views

WordPress SEUR Oficial plugin <= 2.2.11 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SEUR Oficial versions = 2.2.11...

6.1CVSS6.3AI score0.0036EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/28 12:0 a.m.14 views

WordPress SEUR Oficial Plugin <= 2.2.11 is vulnerable to Cross Site Scripting (XSS)

Software SEUR Oficial Type Plugin Vulnerable versions = 2.2.11 Fixed in 2.2.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9438 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 09ee4a264f33 Credits vgo0 Required...

6.1CVSS5.6AI score0.0036EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2022/04/01 12:0 a.m.14 views

Wordpress SEUR Oficial Access Control Error Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. an access control error vulnerability exists i...

4.9CVSS3AI score0.01156EPSS
Exploits2References1
NVD
NVD
added 2022/02/07 4:15 p.m.12 views

CVE-2021-25004

The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin...

4.9CVSS0.01156EPSS
Exploits2References1
CVE
CVE
added 2022/02/07 3:47 p.m.52 views

CVE-2021-25004

The CVE-2021-25004 entry concerns WordPress plugin SEUR Oficial (versions before 1.7.2). The vulnerability arises from the plugin creating a PHP file with a random name used for support, which enables an authenticated attacker to download arbitrary files from the web server when given the URL and...

4.9CVSS5.2AI score0.01156EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/07 3:47 p.m.17 views

CVE-2021-25004 SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download

The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin...

5.6AI score0.01156EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/02/07 12:0 a.m.7 views

Wordpress Plugin SEUR Oficial 访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. an access control error vulnerability exists i...

4.9CVSS5.4AI score0.01156EPSS
Exploits2References2
Rows per page
Query Builder