4 matches found
CVE-2024-5646 Futurio Extra <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-5646 Futurio Extra <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-5646
CVE-2024-5646 affects Futurio Extra for WordPress: stored XSS via the header_size field in the Advanced Text Block widget, exploitable by authenticated users with Contributor+ on all versions up to 2.0.5. Patch 2.0.6 fixes the issue; upgrade is required. If patch unavailable in your environment, ...
WordPress Futurio Extra Plugin <= 2.0.5 is vulnerable to Cross Site Scripting (XSS)
Software Futurio Extra Type Plugin Vulnerable versions = 2.0.5 Fixed in 2.0.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5646 Patch priority Low CVSS severity Low 6.5 Developer FuturioWP PSID ebce01258690 Credits wesley wcraft Required privilege...