futuriowp CVE Vulnerabilities & Metrics

Focus on futuriowp vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About futuriowp Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with futuriowp. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total futuriowp CVEs: 7
Earliest CVE date: 14 Feb 2022, 12:15 UTC
Latest CVE date: 06 Dec 2024, 14:15 UTC

Latest CVE reference: CVE-2024-53802

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 300.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 300.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical futuriowp CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.14

Max CVSS: 4.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS futuriowp CVEs

These are the five CVEs with the highest CVSS scores for futuriowp, sorted by severity first and recency.

CVE-2021-25110 futuriowp Published on 14 Feb 2022, 12:15 UTC (CVSS: 4.0)
The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.
CVE-2021-25109 futuriowp Published on 14 Feb 2022, 12:15 UTC (CVSS: 4.0)
The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.
CVE-2024-53802 futuriowp Published on 06 Dec 2024, 14:15 UTC (CVSS: 0)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14.
CVE-2024-10695 futuriowp Published on 12 Nov 2024, 04:15 UTC (CVSS: 0)
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.
CVE-2024-50446 futuriowp Published on 28 Oct 2024, 18:15 UTC (CVSS: 0)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.11.

All CVEs for futuriowp

CVE-2024-53802 futuriowp vulnerability CVSS: 0 06 Dec 2024, 14:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14.

CVE-2024-10695 futuriowp vulnerability CVSS: 0 12 Nov 2024, 04:15 UTC

The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.

CVE-2024-50446 futuriowp vulnerability CVSS: 0 28 Oct 2024, 18:15 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.11.

CVE-2024-5646 futuriowp vulnerability CVSS: 0 11 Jun 2024, 21:15 UTC

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-40201 futuriowp vulnerability CVSS: 0 03 Oct 2023, 13:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin.

CVE-2021-25110 futuriowp vulnerability CVSS: 4.0 14 Feb 2022, 12:15 UTC

The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.

CVE-2021-25109 futuriowp vulnerability CVSS: 4.0 14 Feb 2022, 12:15 UTC

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.