CVE-2021-25109

CVE-2021-25109: Futurio Extra < 1.6.3 - Authenticated SQL Injection

Vendor Unknown

Product Futurio Extra

Weakness CWE-89 · SQLi

Published February 14, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.

Key dates

02Disclosure timeline

February 14, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25109

Related vulnerabilities

04Related CVE

CVE-2026-1479 Out-of-band SQL injection in Quatuor Performance Evaluation CVE-2025-10862 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id' CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin CVE-2021-24345 Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection CVE-2024-3455 Netentsec NS-ASG Application Security Gateway add_postlogin.php sql injection