5 matches found
CVE-2024-9438
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress SEUR Oficial plugin <= 2.2.11 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SEUR Oficial versions = 2.2.11...
WordPress SEUR Oficial Plugin <= 2.2.11 is vulnerable to Cross Site Scripting (XSS)
Software SEUR Oficial Type Plugin Vulnerable versions = 2.2.11 Fixed in 2.2.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9438 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 09ee4a264f33 Credits vgo0 Required...
CVE-2021-25004 SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin...
WordPress SEUR Oficial plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress SEUR Oficial plugin prior to 1.7.0, which stems from the...