The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Steps to reproduce:

1. Add a new “WP Custom Cursor”.
2. Return to the “WP Custom Cursors” page and click edit Cursor.
3. The edit request issued by that page is vulnerable to SQL injection via the `edit_row` parameter, as shown by this time-based proof of concept: `GET /wp-admin/admin.php?page=wpcc_add_new&edit_row=(select*from(select(sleep(20)))a)`
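The root cause stated above, a request parameter inserted into SQL without escaping or binding, is illustrated here with an added example that is not the plugin's own code: a hypothetical handler reading `edit_row` in the vulnerable style, beside the hardened form using `$wpdb->prepare()`. The function names and the `wpcc_cursors` table are assumptions for illustration only.

```php
<?php
// Added example, not code from the WP Custom Cursors plugin. Table and
// function names are assumed. Both functions expect the WordPress globals
// and helpers ($wpdb, absint, current_user_can, wp_die) to be loaded.

// VULNERABLE pattern: the request value is concatenated straight into SQL,
// so whatever the client sends is parsed by MySQL as part of the statement.
function wpcc_load_cursor_vulnerable() {
    global $wpdb;
    $edit_row = isset( $_GET['edit_row'] ) ? $_GET['edit_row'] : '';
    $sql = "SELECT * FROM {$wpdb->prefix}wpcc_cursors WHERE id = " . $edit_row;
    return $wpdb->get_row( $sql );
}

// FIXED pattern: check the caller, coerce the value to the type the column
// expects, then bind it with $wpdb->prepare() so it can only ever be data.
function wpcc_load_cursor_fixed() {
    global $wpdb;

    // Defence in depth: restrict the handler to users allowed to manage the
    // plugin. This does not remove the injection (the advisory notes Admins
    // can trigger it), which is why the query itself must be fixed below.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    // absint() reduces the input to a non-negative integer; a subquery such as
    // the sleep() payload in the proof of concept becomes 0 and is rejected.
    $edit_row = isset( $_GET['edit_row'] ) ? absint( $_GET['edit_row'] ) : 0;
    if ( 0 === $edit_row ) {
        return null;
    }

    // %d is substituted with the integer value; the SQL structure is fixed
    // at this point and cannot be altered by the parameter.
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}wpcc_cursors WHERE id = %d",
        $edit_row
    );
    return $wpdb->get_row( $sql );
}
```

For string-typed parameters the same fix applies with the `%s` placeholder in place of `%d`; `esc_sql()` on its own is not a substitute for binding.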
Affected versions:

| CPE | Name | Operator | Version |
|---|---|---|---|
| | wp-custom-cursors | lt | 3.2 |