Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Futurio Extra by Unknown

    CVE-2021-25110 (GCVE-0-2021-25110)

    Vulnerability from nvd – Published: 2022-02-14 09:20 – Updated: 2024-08-03 19:56
    VLAI
    Title
    Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure
    Summary
    The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Futurio Extra Affected: 1.6.3 , < 1.6.3 (custom)
    Create a notification for this product.
    Credits
    Krzysztof Zając
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:56:10.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/b655fc21-47a1-4786-8911-d78ab823c153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Futurio Extra",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "1.6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user\u0027s email address."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-14T22:25:10.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/b655fc21-47a1-4786-8911-d78ab823c153"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Futurio Extra \u003c 1.6.3 - Subscriber+ User Email Address Disclosure",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-25110",
              "STATE": "PUBLIC",
              "TITLE": "Futurio Extra \u003c 1.6.3 - Subscriber+ User Email Address Disclosure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Futurio Extra",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.6.3",
                                "version_value": "1.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Krzysztof Zaj\u0105c"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user\u0027s email address."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/b655fc21-47a1-4786-8911-d78ab823c153",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/b655fc21-47a1-4786-8911-d78ab823c153"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-25110",
        "datePublished": "2022-02-14T09:20:53.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:56:10.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25109 (GCVE-0-2021-25109)

    Vulnerability from nvd – Published: 2022-02-14 09:20 – Updated: 2024-08-03 19:56
    VLAI
    Title
    Futurio Extra < 1.6.3 - Authenticated SQL Injection
    Summary
    The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Futurio Extra Affected: 1.6.3 , < 1.6.3 (custom)
    Create a notification for this product.
    Credits
    Jan w Oleju
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:56:10.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/36261af9-3b34-4563-af3c-c9e54ae2d581"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Futurio Extra",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "1.6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jan w Oleju"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-14T09:20:52.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/36261af9-3b34-4563-af3c-c9e54ae2d581"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Futurio Extra \u003c 1.6.3 - Authenticated SQL Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-25109",
              "STATE": "PUBLIC",
              "TITLE": "Futurio Extra \u003c 1.6.3 - Authenticated SQL Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Futurio Extra",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.6.3",
                                "version_value": "1.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jan w Oleju"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/36261af9-3b34-4563-af3c-c9e54ae2d581",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/36261af9-3b34-4563-af3c-c9e54ae2d581"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-25109",
        "datePublished": "2022-02-14T09:20:52.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:56:10.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25110 (GCVE-0-2021-25110)

    Vulnerability from cvelistv5 – Published: 2022-02-14 09:20 – Updated: 2024-08-03 19:56
    VLAI
    Title
    Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure
    Summary
    The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Futurio Extra Affected: 1.6.3 , < 1.6.3 (custom)
    Create a notification for this product.
    Credits
    Krzysztof Zając
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:56:10.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/b655fc21-47a1-4786-8911-d78ab823c153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Futurio Extra",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "1.6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user\u0027s email address."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-14T22:25:10.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/b655fc21-47a1-4786-8911-d78ab823c153"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Futurio Extra \u003c 1.6.3 - Subscriber+ User Email Address Disclosure",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-25110",
              "STATE": "PUBLIC",
              "TITLE": "Futurio Extra \u003c 1.6.3 - Subscriber+ User Email Address Disclosure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Futurio Extra",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.6.3",
                                "version_value": "1.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Krzysztof Zaj\u0105c"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user\u0027s email address."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/b655fc21-47a1-4786-8911-d78ab823c153",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/b655fc21-47a1-4786-8911-d78ab823c153"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-25110",
        "datePublished": "2022-02-14T09:20:53.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:56:10.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25109 (GCVE-0-2021-25109)

    Vulnerability from cvelistv5 – Published: 2022-02-14 09:20 – Updated: 2024-08-03 19:56
    VLAI
    Title
    Futurio Extra < 1.6.3 - Authenticated SQL Injection
    Summary
    The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Futurio Extra Affected: 1.6.3 , < 1.6.3 (custom)
    Create a notification for this product.
    Credits
    Jan w Oleju
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:56:10.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/36261af9-3b34-4563-af3c-c9e54ae2d581"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Futurio Extra",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "1.6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jan w Oleju"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-14T09:20:52.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/36261af9-3b34-4563-af3c-c9e54ae2d581"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Futurio Extra \u003c 1.6.3 - Authenticated SQL Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-25109",
              "STATE": "PUBLIC",
              "TITLE": "Futurio Extra \u003c 1.6.3 - Authenticated SQL Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Futurio Extra",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.6.3",
                                "version_value": "1.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jan w Oleju"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/36261af9-3b34-4563-af3c-c9e54ae2d581",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/36261af9-3b34-4563-af3c-c9e54ae2d581"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-25109",
        "datePublished": "2022-02-14T09:20:52.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:56:10.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }