Threat Entry Updated 2024-12-12

CVE-2023-2221 - Wp Custom Cursors Plugin

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

PLUGIN Wp Custom Cursors

CVE-2023-2221

HIGH CVSS 7.2 2023-06-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-14

CVE-2022-3150 - Wp Custom Cursors Plugin

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin

PLUGIN Wp Custom Cursors

CVE-2022-3150

HIGH CVSS 7.2 2022-10-17

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-14

CVE-2022-3149 - Wp Custom Cursors Plugin

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting

PLUGIN Wp Custom Cursors

CVE-2022-3149

MEDIUM CVSS 6.1 2022-10-17

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-14

CVE-2022-3151 - Wp Custom Cursors Plugin

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.

PLUGIN Wp Custom Cursors

CVE-2022-3151

MEDIUM CVSS 4.3 2022-10-17

Risk Score

Open Full Technical Breakdown