Lucene search
K

5 matches found

NVD
NVD
added 2024/10/29 9:15 a.m.19 views

CVE-2024-9438

The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.0036EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/28 8:43 p.m.5 views

WordPress SEUR Oficial plugin <= 2.2.11 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SEUR Oficial versions = 2.2.11...

6.1CVSS6.3AI score0.0036EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/28 12:0 a.m.15 views

WordPress SEUR Oficial Plugin <= 2.2.11 is vulnerable to Cross Site Scripting (XSS)

Software SEUR Oficial Type Plugin Vulnerable versions = 2.2.11 Fixed in 2.2.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9438 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 09ee4a264f33 Credits vgo0 Required...

6.1CVSS5.6AI score0.0036EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/02/07 3:47 p.m.25 views

CVE-2021-25004 SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download

The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin...

5.6AI score0.01156EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/18 12:0 a.m.18 views

WordPress SEUR Oficial plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress SEUR Oficial plugin prior to 1.7.0, which stems from the...

4.8CVSS2.4AI score0.00605EPSS
Exploits2References1
Rows per page
Query Builder