Wp Custom Cursors Project

Wp Custom Cursors

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2023-2221

Exploit
  • EPSS 0.19%
  • Veröffentlicht 19.06.2023 11:15:09
  • Zuletzt bearbeitet 12.12.2024 21:15:06

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

6.1

CVE-2022-3149

Exploit
  • EPSS 0.09%
  • Veröffentlicht 17.10.2022 12:15:10
  • Zuletzt bearbeitet 14.05.2025 16:15:22

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sani...

7.2

CVE-2022-3150

Exploit
  • EPSS 1.01%
  • Veröffentlicht 17.10.2022 12:15:10
  • Zuletzt bearbeitet 14.05.2025 17:15:45

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin

4.3

CVE-2022-3151

Exploit
  • EPSS 0.11%
  • Veröffentlicht 17.10.2022 12:15:10
  • Zuletzt bearbeitet 14.05.2025 17:15:46

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.