cleantalk
Vulnerabilities and Security Researches

SEUR Oficial, CVE-2024-9438

CVE, Research URL

CVE-2024-9438

Home page URL

Security reports for SEUR Oficial

Application

SEUR Oficial

Published on
Oct 29, 2024
Research Description
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 2.2.12.
Status
vulnerable
Previous vulnerability researches
SEUR Oficial (CVE-2025-46474) , May 05, 2025
SEUR Oficial (CVE-2021-25005) , Jun 07, 2024
SEUR Oficial (CVE-2021-25004) , Jun 07, 2024
SEUR Oficial (CVE-2024-9201) , Oct 20, 2024
SEUR Oficial (CVE-2024-9438) , Oct 30, 2024
New vulnerability
Absolute Links (CVE-2025-43833) , May 05, 2025
List Children (CVE-2025-4099) , May 05, 2025
Libro de Reclamaciones (CVE-2025-46446) , May 05, 2025
Enhanced Paypal Shortcodes (CVE-2025-46543) , May 05, 2025
My Custom Widgets (CVE-2025-46526) , May 05, 2025