45 matches found
EUVD-2024-49785
Malicious code in bioql PyPI...
EUVD-2025-28051
Malicious code in bioql PyPI...
CVE-2025-46474
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SEUR OFICIAL SEUR Oficial seur allows PHP Local File Inclusion.This issue affects SEUR Oficial: from n/a through = 2.2.23...
CVE-2025-46474
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SEUR OFICIAL SEUR Oficial seur allows PHP Local File Inclusion.This issue affects SEUR Oficial: from n/a through = 2.2.23...
CVE-2025-46474 WordPress SEUR Oficial <= 2.2.23 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SEUR OFICIAL SEUR Oficial allows PHP Local File Inclusion. This issue affects SEUR Oficial: from n/a through 2.2.23...
CVE-2025-46474
CVE-2025-46474 = Unauthenticated Local File Inclusion in WordPress SEUR Oficial plugin
CVE-2025-46474 WordPress SEUR Oficial plugin <= 2.2.23 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SEUR OFICIAL SEUR Oficial seur allows PHP Local File Inclusion.This issue affects SEUR Oficial: from n/a through = 2.2.23...
CVE-2024-9438
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress plugin SEUR Oficial 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-22731 · Unknown · Seur Oficial
Name of the Vulnerable Software and Affected Versions: SEUR Oficial versions n/a through 2.2.23 Description: The issue affects SEUR Oficial due to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' or PHP Local File Inclusion...
CVE-2021-25004
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin...
CVE-2024-9438
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2024-9438
CVE-2024-9438 (SEUR Oficial plugin for WordPress) : Affected product is the SEUR Oficial WordPress plugin. The vulnerability is a Reflected Cross-Site Scripting (XSS) via the change_service parameter in all versions up to 2.2.11, caused by insufficient input sanitization and output escaping. Unau...
CVE-2024-9438 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2024-9438 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress plugin SEUR Oficial 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress SEUR Oficial plugin <= 2.2.11 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SEUR Oficial versions = 2.2.11...
WordPress SEUR Oficial Plugin <= 2.2.11 is vulnerable to Cross Site Scripting (XSS)
Software SEUR Oficial Type Plugin Vulnerable versions = 2.2.11 Fixed in 2.2.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9438 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 09ee4a264f33 Credits vgo0 Required...
CVE-2024-9201
The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘idorder’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint...
CVE-2024-9201
The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘idorder’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint...