cleantalk
Vulnerabilities and Security Researches

WP Custom Cursors | WordPress Cursor Plugin, CVE-2023-2221

CVE, Research URL

CVE-2023-2221

Home page URL

Security reports for WP Custom Cursors | WordPress Cursor Plugin

Application

WP Custom Cursors | WordPress Cursor Plugin

Published on
Jun 19, 2023
Research Description
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Affected versions
Min -, max 3.2.
Status
vulnerable
Previous vulnerability researches
WP Custom Cursors | WordPress Cursor Plugin (CVE-2023-5911) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3151) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3149) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2022-3150) , Jun 07, 2024
WP Custom Cursors | WordPress Cursor Plugin (CVE-2023-32739) , Jun 07, 2024
New vulnerability
CM Ad Changer – Ad Manager and Ad Server (CVE-2025-46245) , Apr 24, 2025
Anything Popup (CVE-2025-39397) , Apr 24, 2025
Simple Download Counter (CVE-2025-46240) , Apr 24, 2025
Textmetrics (CVE-2025-46229) , Apr 24, 2025
World first Lifetime free Form Builder for WordPress (CVE-2025-46250) , Apr 24, 2025