18 matches found
EUVD-2021-12022
Malware in sbrugna...
EUVD-2024-33250
Malicious code in bioql PyPI...
EUVD-2024-46825
Malicious code in bioql PyPI...
CVE-2024-5646
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2021-25110
The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address...
CVE-2024-10695
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
WordPress Futurio Extra Plugin <= 2.0.13 is vulnerable to Broken Access Control
Software: Futurio Extra; Type: Plugin; Vulnerable versions: <= 2.0.13; Fixed in: 2.0.14; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10695; Patch priority: Low; CVSS severity: Low 4.3; Developer: FuturioWP; PSID: 162172e1702f; Credits: Francesco Carlucci; Required privile...
WordPress Futurio Extra plugin <= 2.0.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Futurio Extra versions <= 2.0.11...
CVE-2024-5646
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-5646
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2024-36819 · WordPress · Futurio Extra
Name of the Vulnerable Software and Affected Versions: Futurio Extra plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is related to Stored Cross-Site Scripting via the header size attribute within the Advanced Text Block widget due to insufficient input sanitizatio...
CVE-2023-40201
Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin...
CVE-2023-40201 WordPress Futurio Extra Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin...
PT-2023-27320 · WordPress · Futurio Extra
Name of the Vulnerable Software and Affected Versions: FuturioWP Futurio Extra plugin versions 1.8.4 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows the activation of arbitrary plugins. This can be exploited by tricking a user into performing...
WordPress Futurio Extra Plugin <= 1.9.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Futurio Extra; Type: Plugin; Vulnerable versions: <= 1.9.0; Fixed in: 1.9.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-40201; Patch priority: Low; CVSS severity: Low 6.5; Developer: FuturioWP; PSID: 9786201b3e26; Credits: István Márton; Required...
WordPress Futurio Extra plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Futurio Extra plugin prior to 1.6.3, which stems from a lack of filtering and escaping of SQL data submitted by users. A highly privileg...
WordPress and WordPress plugin information disclosure vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in versions of WordPress Futurio Extra plugin pri...
WordPress and WordPress plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Futurio Extra plugin prior to 1.6.3, which stems from a lack of filtering and escaping of SQL data submitted by users. A highly privileg...