CVE-2021-25109

Name of the Vulnerable Software and Affected Versions Futurio Extra WordPress plugin versions prior to 1.6.3

Description The issue allows high privilege users to extract data from the database and perform Cross-Site Scripting (XSS) against logged in admins by making them open a malicious link. This is due to a SQL Injection vulnerability.

Recommendations For versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for high privilege users until the update is applied.