cleantalk
Vulnerabilities and Security Researches

SEUR Oficial, CVE-2021-25004

CVE, Research URL

CVE-2021-25004

Home page URL

Security reports for SEUR Oficial

Application

SEUR Oficial

Published on
Feb 07, 2022
Research Description
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.
Affected versions
Min -, max 1.7.2.
Status
vulnerable
Previous vulnerability researches
SEUR Oficial (CVE-2025-46474) , May 05, 2025
SEUR Oficial (CVE-2021-25005) , Jun 07, 2024
SEUR Oficial (CVE-2021-25004) , Jun 07, 2024
SEUR Oficial (CVE-2024-9201) , Oct 20, 2024
SEUR Oficial (CVE-2024-9438) , Oct 30, 2024
New vulnerability
Absolute Links (CVE-2025-43833) , May 05, 2025
List Children (CVE-2025-4099) , May 05, 2025
Libro de Reclamaciones (CVE-2025-46446) , May 05, 2025
Enhanced Paypal Shortcodes (CVE-2025-46543) , May 05, 2025
My Custom Widgets (CVE-2025-46526) , May 05, 2025