QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-25004

Back to search

CVE-2021-25004

Published: Feb 7, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.

VendorProductVersions

Unknown

SEUR Oficial

affected
1.7.2 - < 1.7.2

Weaknesses (CWE)

CWE-552

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now