Futuriowp: >> Futurio Extra >> 2.0.11 Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-06
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-11-12
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.11.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-28