1.6.3

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-06	CVE-2024-53802	Cross-site Scripting vulnerability in Futuriowp Futurio Extra Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14. network low complexity futuriowp CWE-79	5.4
2024-11-12	CVE-2024-10695	Authorization Bypass Through User-Controlled Key vulnerability in Futuriowp Futurio Extra The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. network low complexity futuriowp CWE-639	4.3
2024-10-28	CVE-2024-50446	Cross-site Scripting vulnerability in Futuriowp Futurio Extra Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.11. network low complexity futuriowp CWE-79	5.4
2024-06-11	CVE-2024-5646	Cross-site Scripting vulnerability in Futuriowp Futurio Extra The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. network low complexity futuriowp CWE-79	5.4
2023-10-03	CVE-2023-40201	Unspecified vulnerability in Futuriowp Futurio Extra Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin. network low complexity futuriowp	8.8