VYPR

Wp Custom Cursors

by WordPress

CVEs (6)

  • CVE-2023-2221HigJun 19, 2023
    risk 0.47cvss 7.2epss 0.01

    The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

  • CVE-2022-3150HigOct 17, 2022
    risk 0.47cvss 7.2epss 0.01

    The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin

  • CVE-2022-3149MedOct 17, 2022
    risk 0.40cvss 6.1epss 0.00

    The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some…

  • CVE-2023-5911MedJan 8, 2024
    risk 0.31cvss 4.8epss 0.00

    The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is…

  • CVE-2023-32739MedNov 9, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.

  • CVE-2022-3151MedOct 17, 2022
    risk 0.28cvss 4.3epss 0.00

    The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.