Vulnerabilities > Futuriowp

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-10695 Authorization Bypass Through User-Controlled Key vulnerability in Futuriowp Futurio Extra
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
futuriowp CWE-639
4.3
2024-10-28 CVE-2024-50446 Cross-site Scripting vulnerability in Futuriowp Futurio Extra
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.11.
network
low complexity
futuriowp CWE-79
5.4
2023-10-03 CVE-2023-40201 Unspecified vulnerability in Futuriowp Futurio Extra
Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin.
network
low complexity
futuriowp
8.8
2022-02-14 CVE-2021-25109 SQL Injection vulnerability in Futuriowp Futurio Extra
The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.
network
low complexity
futuriowp CWE-89
2.7
2022-02-14 CVE-2021-25110 Unspecified vulnerability in Futuriowp Futurio Extra
The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.
network
low complexity
futuriowp
4.3