WordPress Plugin Vulnerabilities

Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure

Description

The plugin allows any logged in user, such as subscriber, to extract any other user's email address.

Proof of Concept

Affects Plugins

Plugin icon
futurio-extra
Fixed in 1.6.3

References

CVE
CVE-2021-25110

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
b655fc21-47a1-4786-8911-d78ab823c153

Timeline

Publicly Published
2022-01-14 (about 3 years ago)
Added
2022-01-14 (about 3 years ago)
Last Updated
2022-04-12 (about 3 years ago)

Other

Published
Title
Published
2023-12-18
Title
Clone < 2.4.3 - Unauthenticated Backup Download
Published
2022-01-03
Title
Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure
Published
2025-05-07
Title
Mail Mint < 1.17.8 - Unauthenticated Sensitive Information Exposure
Published
2025-08-20
Title
Templately < 3.2.8 - Authenticated (Author+) Information Disclosure
Published
2024-03-29
Title
FG PrestaShop to WooCommerce < 4.47.0 - Unauthenticated Sensitive Information Disclosure