Vulnerabilities and security researches forwp-custom-cursors

CVE, Research URL: CVE-2023-5911
Home page URL: Security reports for WP Custom Cursors | WordPress Cursor Plugin
Application: WP Custom Cursors | WordPress Cursor Plugin
Date: Jan 09, 2024
Research Description: The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-3151
Home page URL: Security reports for WP Custom Cursors | WordPress Cursor Plugin
Application: WP Custom Cursors | WordPress Cursor Plugin
Date: Oct 17, 2022
Research Description: The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-3149
Home page URL: Security reports for WP Custom Cursors | WordPress Cursor Plugin
Application: WP Custom Cursors | WordPress Cursor Plugin
Date: Oct 17, 2022
Research Description: The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-3150
Home page URL: Security reports for WP Custom Cursors | WordPress Cursor Plugin
Application: WP Custom Cursors | WordPress Cursor Plugin
Date: Oct 17, 2022
Research Description: The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-32739
Home page URL: Security reports for WP Custom Cursors | WordPress Cursor Plugin
Application: WP Custom Cursors | WordPress Cursor Plugin
Date: Nov 10, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-2221
Home page URL: Security reports for WP Custom Cursors | WordPress Cursor Plugin
Application: WP Custom Cursors | WordPress Cursor Plugin
Date: Jun 19, 2023
Research Description: The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches forwp-custom-cursors wp-custom-cursors