cleantalk
Vulnerabilities and Security Researches

WP Custom Cursors | WordPress Cursor Plugin, CVE-2022-3150

CVE, Research URL

CVE-2022-3150

Home page URL

Security reports for WP Custom Cursors | WordPress Cursor Plugin

Application

WP Custom Cursors | WordPress Cursor Plugin

Published on
Oct 17, 2022
Research Description
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin
Affected versions
Min -, max 3.2.
Status
vulnerable
Previous vulnerability researches
WP Custom Cursors | WordPress Cursor Plugin (CVE-2023-5911) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3151) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3149) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3150) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2023-32739) , Jun 07, 2024
New vulnerability
Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin (CVE-2025-3623) , May 15, 2025
Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin (CVE-2025-4520) , May 15, 2025
WP Content Security Plugin (CVE-2025-4579) , May 15, 2025
B2i Investor Tools (CVE-2025-47458) , May 15, 2025
UiPress lite | Effortless custom dashboards, admin themes and pages (CVE-2025-3053) , May 15, 2025