4 matches found
CVE-2022-3151
The CVE-2022-3151 entry concerns the WP Custom Cursors WordPress plugin prior to 3.0.1, which does not perform CSRF validation when deleting cursors. This lack of CSRF protection could allow a logged-in administrator to delete arbitrary cursors via a CSRF attack. Affected software: WP Custom Curs...
CVE-2022-3150
The CVE is for the WordPress plugin WP Custom Cursors, fixed in version 3.2. The vulnerability is an SQL injection caused by improper sanitization/escaping of a parameter before it is used in a SQL statement, allowing exploitation by high-privilege users (e.g., admins). Affected software: WP Cust...
CVE-2023-2221
The CVE-2023-2221 entry concerns the WordPress plugin WP Custom Cursors, prior to version 3.2. The vulnerability is an SQL injection caused by improper sanitisation/escaping of a parameter before it is used in a SQL statement, exploitable by users with a role as low as Admin. The affected softwar...
CVE-2022-3149
The CVE-2022-3149 entry covers the WP Custom Cursors WordPress plugin (