Vulnerabilities > Futuriowp > Futurio Extra > 1.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-03 | CVE-2023-40201 | Cross-Site Request Forgery (CSRF) vulnerability in Futuriowp Futurio Extra Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin. | 8.8 |
2022-02-14 | CVE-2021-25109 | SQL Injection vulnerability in Futuriowp Futurio Extra The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link. | 4.0 |
2022-02-14 | CVE-2021-25110 | Information Exposure vulnerability in Futuriowp Futurio Extra The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address. | 4.0 |