CVEs-PoC/2021/CVE-2021-25109.md

### [CVE-2021-25109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25109)
![](https://img.shields.io/static/v1?label=Product&message=Futurio%20Extra&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.6.3%3C%201.6.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)

### Description

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.

### POC

#### Reference
- https://wpscan.com/vulnerability/36261af9-3b34-4563-af3c-c9e54ae2d581

#### Github
- https://github.com/ARPSyndicate/cvemon