cleantalk
Vulnerabilities and Security Researches

WP Custom Cursors | WordPress Cursor Plugin, CVE-2022-3151

CVE, Research URL

CVE-2022-3151

Home page URL

Security reports for WP Custom Cursors | WordPress Cursor Plugin

Application

WP Custom Cursors | WordPress Cursor Plugin

Published on
Oct 17, 2022
Research Description
The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.
Affected versions
Min -, max 3.0.1.
Status
vulnerable
Previous vulnerability researches
WP Custom Cursors | WordPress Cursor Plugin (CVE-2023-5911) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3151) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3149) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3150) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2023-32739) , Jun 07, 2024
New vulnerability
World first Lifetime free Form Builder for WordPress (CVE-2025-46250) , Apr 24, 2025
Watu Quiz (CVE-2025-46242) , Apr 24, 2025
Link Library (CVE-2025-46237) , Apr 24, 2025
Front End Users (CVE-2024-13569) , Apr 24, 2025
Simple calendar for Elementor (CVE-2025-46249) , Apr 24, 2025