19 matches found
CVE-2022-3150
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin...
CVE-2022-3149
The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor...
CVE-2023-5911
The CVE-2023-5911 entry covers the WP Custom Cursors WordPress plugin (versions through 3.2). The issue is stored XSS caused by insufficient sanitization/escaping of certain settings, enabling high-privilege users (e.g., admins) to inject script even when unfiltered_html is disallowed (notably in...
CVE-2023-5911 WP Custom Cursors <= 3.2 - Admin+ Stored XSS
The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in WebTrendy WP Custom Cursors | WordPress Cursor Plugin plugin 3.2 versions...
CVE-2023-32739
CVE-2023-32739 concerns the Web_Trendy WP Custom Cursors (WordPress Cursor Plugin) vulnerable in versions prior to 3.2 to Cross-Site Request Forgery (CSRF). The NVD entry lists a CVSS v3.1 base score of 8.8 (HIGH) with NETWORK attack vector, low attack complexity, and user interaction required, a...
Sql injection
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...
CVE-2023-2221
The CVE-2023-2221 entry concerns the WordPress plugin WP Custom Cursors, prior to version 3.2. The vulnerability is an SQL injection caused by improper sanitisation/escaping of a parameter before it is used in a SQL statement, exploitable by users with a role as low as Admin. The affected softwar...
CVE-2022-3150
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin...
Cross site request forgery (csrf)
The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack...
Cross site scripting
The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor...
PT-2022-20768 · WordPress · Wp Custom Cursors
Name of the Vulnerable Software and Affected Versions: WP Custom Cursors WordPress plugin versions prior to 3.2 Description: The issue is related to a SQL injection that occurs due to improper sanitization and escaping of a parameter before it is used in a SQL statement. This can be exploited by...
CVE-2022-3150 WP Custom Cursors < 3.2 - Admin+ SQLi
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin...
CVE-2022-3149 WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF
The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor...
CVE-2022-3151 WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF
The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack...
CVE-2022-3150
The CVE is for the WordPress plugin WP Custom Cursors, fixed in version 3.2. The vulnerability is an SQL injection caused by improper sanitization/escaping of a parameter before it is used in a SQL statement, allowing exploitation by high-privilege users (e.g., admins). Affected software: WP Cust...
CVE-2022-3151
The CVE-2022-3151 entry concerns the WP Custom Cursors WordPress plugin prior to 3.0.1, which does not perform CSRF validation when deleting cursors. This lack of CSRF protection could allow a logged-in administrator to delete arbitrary cursors via a CSRF attack. Affected software: WP Custom Curs...
CVE-2022-3149
The CVE-2022-3149 entry covers the WP Custom Cursors WordPress plugin (
WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored...