37 matches found
CVE-2022-3150
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin...
CVE-2022-3149
The WP Custom Cursors WordPress plugin before 3.0.1 does not have a CSRF check in place when creating and editing cursors, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor...
CVE-2023-5911
The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
CVE-2023-5911
The CVE-2023-5911 entry covers the WP Custom Cursors WordPress plugin (versions through 3.2). The issue is stored XSS caused by insufficient sanitization/escaping of certain settings, enabling high-privilege users (e.g., admins) to inject script even when unfiltered_html is disallowed (notably in...
CVE-2023-5911 WP Custom Cursors <= 3.2 - Admin+ Stored XSS
The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
WordPress Plugin WP Custom Cursors Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WP Custom Cursors <= 3.2 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The PoC will be displayed on February...
CVE-2023-32739
Cross-Site Request Forgery (CSRF) vulnerability in WebTrendy WP Custom Cursors | WordPress Cursor Plugin plugin 3.2 versions...
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WebTrendy WP Custom Cursors | WordPress Cursor Plugin plugin 3.2 versions...
CVE-2023-32739 WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WebTrendy WP Custom Cursors | WordPress Cursor Plugin plugin 3.2 versions...
CVE-2023-32739
CVE-2023-32739 concerns the Web_Trendy WP Custom Cursors (WordPress Cursor Plugin) vulnerable in versions prior to 3.2 to Cross-Site Request Forgery (CSRF). The NVD entry lists a CVSS v3.1 base score of 8.8 (HIGH) with NETWORK attack vector, low attack complexity, and user interaction required, a...
WordPress Plugin WP Custom Cursors | WordPress Cursor Plugin Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-23986 · WordPress · Web Trendy Wp Custom Cursors
Name of the Vulnerable Software and Affected Versions: Web Trendy WP Custom Cursors | WordPress Cursor Plugin versions prior to 3.2. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing...
SQL injection
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...
CVE-2023-2221
The CVE-2023-2221 entry concerns the WordPress plugin WP Custom Cursors, prior to version 3.2. The vulnerability is an SQL injection caused by improper sanitisation/escaping of a parameter before it is used in a SQL statement, exploitable by users with a role as low as Admin. The affected softwar...
WordPress plugin WP Custom Cursors SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to SQL Injection
Software: WP Custom Cursors; Type: Plugin; Vulnerable versions: 3.2; Fixed in: 3.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-2221; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 57dc3e3d3d93; Credits: Chien Vuong; Required privilege: Administrator; Published...
WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Custom Cursors; Type: Plugin; Vulnerable versions: 3.2; Fixed in: 3.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-32739; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 679ea1f407cc; Credits: Mika; Required privilege...
CVE-2022-3151
The WP Custom Cursors WordPress plugin before 3.0.1 does not have a CSRF check in place when deleting cursors, which could allow attackers to make a logged-in admin delete arbitrary cursors via a CSRF attack...