cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-25004,https://securityvulnerability.io/vulnerability/CVE-2021-25004,SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download,"The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password that an administrator can see in the plugin settings page.",Wordpress,Seur Oficial,4.9,MEDIUM,0.0008299999753944576,false,,false,false,false,,false,false,2022-02-07T15:47:15.000Z,0
CVE-2021-25005,https://securityvulnerability.io/vulnerability/CVE-2021-25005,SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting,The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed,Wordpress,Seur Oficial,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-01-17T13:00:30.000Z,0