wpvulndb | Chien Vuong | WPVDB-ID: 6666688E-7239-4D40-A348-307CF8F3B657
History: May 24, 2023 - 12:00 a.m.

WP Custom Cursors < 3.2 - Admin+ SQLi

2023-05-24 00:00:00
Chien Vuong
wpscan.com
7
sql injection
wordpress
admin privilege

EPSS: 0.001 (Low)
EPSS Percentile: 26.2%

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
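The advisory describes the general defect (a request parameter reaching a SQL statement without sanitisation or escaping) but not the plugin's code. The following is an added illustration, not the WP Custom Cursors plugin's own code: a hypothetical WordPress handler for an integer row identifier, shown first in the unsafe string-concatenation form and then hardened with `absint()` and `$wpdb->prepare()`. The table name, option names and function names are assumptions.

```php
<?php
// Added example, not the plugin's code. The table name "wpcc_example_cursors"
// and the function names are assumptions made for illustration only.

// Vulnerable pattern: the untrusted request value is concatenated straight
// into the SQL string, so whatever the value contains becomes SQL syntax.
function wpcc_example_get_cursor_unsafe( $edit_row ) {
    global $wpdb;
    $table = $wpdb->prefix . 'wpcc_example_cursors'; // assumed table name
    return $wpdb->get_row( "SELECT * FROM {$table} WHERE id = " . $edit_row );
}

// Hardened pattern: coerce the identifier to a non-negative integer and bind it
// through $wpdb->prepare(), so the value can never alter the statement structure.
function wpcc_example_get_cursor_safe( $edit_row ) {
    global $wpdb;
    $id = absint( $edit_row ); // anything that is not a positive integer becomes 0
    if ( 0 === $id ) {
        return null;           // refuse malformed input rather than querying with it
    }
    $table = $wpdb->prefix . 'wpcc_example_cursors';
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $id )
    );
}

// Hypothetical admin-page callback that wires the safe lookup to the request.
function wpcc_example_render_edit_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    $row = null;
    if ( isset( $_GET['edit_row'] ) ) {
        $row = wpcc_example_get_cursor_safe( wp_unslash( $_GET['edit_row'] ) );
    }
    // ... render the edit form for $row ...
}
```

The capability check on its own does not address this class of bug: the advisory rates the issue as exploitable by users with the Admin role, who pass that check. The control that removes the injection is binding the value with a typed `%d` placeholder (or escaping strings with `%s`) so the parameter is data rather than SQL.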

PoC

1. Add a new "WP Custom Cursor".
2. Return to the "WP Custom Cursors" page and click "edit" on the cursor.
3. The WP Custom Cursors plugin was vulnerable to SQL injection in GET /wp-admin/admin.php?page=wpcc_add_new&edit_row=(select*from(select(sleep(20)))a)

CPE
Name                Operator    Version
wp-custom-cursors   lt          3.2
