Filtered by vendor Seur Oficial Project
Subscriptions
Filtered by product Seur Oficial
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25005 | 1 Seur Oficial Project | 1 Seur Oficial | 2024-11-21 | 4.8 Medium |
| The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2021-25004 | 1 Seur Oficial Project | 1 Seur Oficial | 2024-11-21 | 4.9 Medium |
| The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page. | ||||
| CVE-2024-9201 | 2 Seur, Seur Oficial Project | 2 Seur, Seur Oficial | 2024-10-16 | 9.4 Critical |
| The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. | ||||
Page 1 of 1.