VYPR
Unrated severityNVD Advisory· Published Feb 7, 2022· Updated Aug 3, 2024

SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download

CVE-2021-25004

Description

The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.