Filtered by vendor Seur Oficial Project
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25005 | 1 Seur Oficial Project | 1 Seur Oficial | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2021-25004 | 1 Seur Oficial Project | 1 Seur Oficial | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page. |