Unrated severityNVD Advisory· Published Feb 7, 2022· Updated Aug 3, 2024
SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download
CVE-2021-25004
Description
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/SEUR Oficialdescription
- Range: <1.7.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/cfbc2b43-b8f8-4bcb-a3d3-39d217afa530mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.