Lucene search
+L

19 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:54 p.m.16 views

CVE-2022-3150

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin...

7.2CVSS7.2AI score0.00921EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:13 p.m.8 views

CVE-2022-3149

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor...

6.1CVSS6.5AI score0.00251EPSS
Exploits2References1
CVE
CVE
added 2024/01/08 7:0 p.m.82 views

CVE-2023-5911

The CVE-2023-5911 entry covers the WP Custom Cursors WordPress plugin (versions through 3.2). The issue is stored XSS caused by insufficient sanitization/escaping of certain settings, enabling high-privilege users (e.g., admins) to inject script even when unfiltered_html is disallowed (notably in...

4.8CVSS4.7AI score0.00335EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/08 7:0 p.m.4 views

CVE-2023-5911 WP Custom Cursors <= 3.2 - Admin+ Stored XSS

The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

5.8AI score0.00335EPSS
Exploits1References1
Prion
Prion
added 2023/11/09 9:15 p.m.15 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WebTrendy WP Custom Cursors | WordPress Cursor Plugin plugin 3.2 versions...

6.8CVSS7.2AI score0.0028EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/09 8:56 p.m.74 views

CVE-2023-32739

CVE-2023-32739 concerns the Web_Trendy WP Custom Cursors (WordPress Cursor Plugin) vulnerable in versions prior to 3.2 to Cross-Site Request Forgery (CSRF). The NVD entry lists a CVSS v3.1 base score of 8.8 (HIGH) with NETWORK attack vector, low attack complexity, and user interaction required, a...

8.8CVSS8.9AI score0.0028EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/06/19 11:15 a.m.19 views

Sql injection

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...

5.8CVSS7.2AI score0.00945EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/06/19 10:52 a.m.58 views

CVE-2023-2221

The CVE-2023-2221 entry concerns the WordPress plugin WP Custom Cursors, prior to version 3.2. The vulnerability is an SQL injection caused by improper sanitisation/escaping of a parameter before it is used in a SQL statement, exploitable by users with a role as low as Admin. The affected softwar...

7.2CVSS7.2AI score0.00945EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2022/10/17 12:15 p.m.35 views

CVE-2022-3150

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin...

7.2CVSS0.00921EPSS
Exploits2References1
Prion
Prion
added 2022/10/17 12:15 p.m.16 views

Cross site request forgery (csrf)

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack...

4.3CVSS4.7AI score0.00267EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2022/10/17 12:15 p.m.16 views

Cross site scripting

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor...

5.8CVSS6AI score0.00251EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.9 views

PT-2022-20768 · WordPress · Wp Custom Cursors

Name of the Vulnerable Software and Affected Versions: WP Custom Cursors WordPress plugin versions prior to 3.2 Description: The issue is related to a SQL injection that occurs due to improper sanitization and escaping of a parameter before it is used in a SQL statement. This can be exploited by...

7.2CVSS7.1AI score0.00921EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.7 views

CVE-2022-3150 WP Custom Cursors < 3.2 - Admin+ SQLi

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin...

7AI score0.00921EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.12 views

CVE-2022-3149 WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor...

6AI score0.00251EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.13 views

CVE-2022-3151 WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack...

4.6AI score0.00267EPSS
Exploits2References1
CVE
CVE
added 2022/10/17 12:0 a.m.59 views

CVE-2022-3150

The CVE is for the WordPress plugin WP Custom Cursors, fixed in version 3.2. The vulnerability is an SQL injection caused by improper sanitization/escaping of a parameter before it is used in a SQL statement, allowing exploitation by high-privilege users (e.g., admins). Affected software: WP Cust...

7.2CVSS7AI score0.00921EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/10/17 12:0 a.m.60 views

CVE-2022-3151

The CVE-2022-3151 entry concerns the WP Custom Cursors WordPress plugin prior to 3.0.1, which does not perform CSRF validation when deleting cursors. This lack of CSRF protection could allow a logged-in administrator to delete arbitrary cursors via a CSRF attack. Affected software: WP Custom Curs...

4.3CVSS4.6AI score0.00267EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/10/17 12:0 a.m.56 views

CVE-2022-3149

The CVE-2022-3149 entry covers the WP Custom Cursors WordPress plugin (

6.1CVSS6AI score0.00251EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/21 12:0 a.m.17 views

WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored...

6.1CVSS0.7AI score0.00251EPSS
Exploits2Affected Software1
Rows per page
Query Builder