Vulnerabilities > Futuriowp > Futurio Extra > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-12-06 CVE-2024-53802 Cross-site Scripting vulnerability in Futuriowp Futurio Extra
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14.
network
low complexity
futuriowp CWE-79
5.4
5.4
2024-11-12 CVE-2024-10695 Authorization Bypass Through User-Controlled Key vulnerability in Futuriowp Futurio Extra
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
futuriowp CWE-639
4.3
4.3
2024-10-28 CVE-2024-50446 Cross-site Scripting vulnerability in Futuriowp Futurio Extra
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.11.
network
low complexity
futuriowp CWE-79
5.4
5.4
2024-06-11 CVE-2024-5646 Cross-site Scripting vulnerability in Futuriowp Futurio Extra
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping.
network
low complexity
futuriowp CWE-79
5.4
5.4
2022-02-14 CVE-2021-25110 Unspecified vulnerability in Futuriowp Futurio Extra
The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.
network
low complexity
futuriowp
4.3
4.3