CVE-2021-25004

CVE-2021-25004: SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download

Vendor Unknown
Product SEUR Oficial
Weakness CWE-552 · Files accessible externally
Published February 7, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.

Key dates

02Disclosure timeline

February 7, 2022 CVE published
August 3, 2024 Record updated