VYPR

SEUR Oficial

by SEUR OFICIAL

Source repositories

CVEs (4)

  • CVE-2025-46474HigMay 23, 2025
    risk 0.53cvss 8.1epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SEUR OFICIAL SEUR Oficial seur allows PHP Local File Inclusion.This issue affects SEUR Oficial: from n/a through <= 2.2.23.

  • CVE-2024-9438MedOct 29, 2024
    risk 0.33cvss 6.1epss 0.00

    The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers…

  • CVE-2021-25004Feb 7, 2022
    risk 0.00cvss epss 0.01

    The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can…

  • CVE-2021-25005Jan 17, 2022
    risk 0.00cvss epss 0.01

    The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed