RSS   Vulnerabilities for 'Futurio extra'   RSS

2022-02-14
 
CVE-2021-25109

CWE-89
 

 
The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.

 
 
CVE-2021-25110

CWE-200
 

 
The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.

 


Copyright 2024, cxsecurity.com

 

Back to Top