cleantalk
Vulnerabilities and Security Researches

WP Custom Cursors | WordPress Cursor Plugin, CVE-2022-3151

CVE, Research URL

CVE-2022-3151

Home page URL

Security reports for WP Custom Cursors | WordPress Cursor Plugin

Application

WP Custom Cursors | WordPress Cursor Plugin

Published on
Oct 17, 2022
Research Description
The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.
Affected versions
Min -, max 3.0.1.
Status
vulnerable
Previous vulnerability researches
WP Custom Cursors | WordPress Cursor Plugin (CVE-2023-5911) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3151) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3149) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3150) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2023-32739) , Jun 07, 2024
New vulnerability
Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin (CVE-2025-3623) , May 15, 2025
Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin (CVE-2025-4520) , May 15, 2025
WP Content Security Plugin (CVE-2025-4579) , May 15, 2025
B2i Investor Tools (CVE-2025-47458) , May 15, 2025
UiPress lite | Effortless custom dashboards, admin themes and pages (CVE-2025-3053) , May 15, 2025