Wp Custom Cursors Security Vulnerabilities and Issues — Wp Custom Cursors CVE List

Lucene search

Wp Custom Cursors ProjectWp Custom Cursors

4 matches found

CVE•added 2022/10/17 12:15 p.m.•47 views

CVE-2022-3151

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.

4.3CVSS4.6AI score0.00067EPSS

CVE•added 2022/10/17 12:15 p.m.•46 views

CVE-2022-3150

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin

7.2CVSS7AI score0.00416EPSS

CVE•added 2023/06/19 11:15 a.m.•45 views

CVE-2023-2221

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

7.2CVSS7.2AI score0.0017EPSS

CVE•added 2022/10/17 12:15 p.m.•43 views

CVE-2022-3149

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor optio...

6.1CVSS6AI score0.00083EPSS