cleantalk
Vulnerabilities and Security Researches

WP Custom Cursors | WordPress Cursor Plugin, CVE-2023-2221

CVE, Research URL

CVE-2023-2221

Home page URL

Security reports for WP Custom Cursors | WordPress Cursor Plugin

Application

WP Custom Cursors | WordPress Cursor Plugin

Published on
Jun 19, 2023
Research Description
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Affected versions
Min -, max 3.2.
Status
vulnerable
Previous vulnerability researches
WP Custom Cursors | WordPress Cursor Plugin (CVE-2023-5911) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3151) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3149) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3150) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2023-32739) , Jun 07, 2024
New vulnerability
Subaccounts for WooCommerce (CVE-2025-47461) , May 16, 2025
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2025-47539) , May 16, 2025
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2025-47445) , May 16, 2025
WP Job Portal – A Complete Job Board (CVE-2025-47438) , May 15, 2025
Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin (CVE-2025-3623) , May 15, 2025