Seur Oficial@* Security Vulnerabilities and Issues — Seur Oficial@* CVE List

Lucene search

Seur Oficial ProjectSeur Oficial*

4 matches found

CVE•added 2022/02/07 4:15 p.m.•41 views

CVE-2021-25004

The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin s...

4.9CVSS5.2AI score0.00606EPSS

CVE•added 2024/10/10 11:15 a.m.•34 views

CVE-2024-9201

The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint.

9.8CVSS9.7AI score0.002EPSS

CVE•added 2025/05/23 1:15 p.m.•33 views

CVE-2025-46474

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SEUR OFICIAL SEUR Oficial allows PHP Local File Inclusion. This issue affects SEUR Oficial: from n/a through 2.2.23.

8.1CVSS8.3AI score0.00165EPSS

CVE•added 2022/01/17 1:15 p.m.•31 views

CVE-2021-25005

The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

4.8CVSS4.7AI score0.00206EPSS