Vulnerabilities > CVE-2022-3149 - Unspecified vulnerability in WP Custom Cursors Project WP Custom Cursors

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wp-custom-cursors-project

NVD

Published: 2022-10-17

Updated: 2024-11-21

Summary

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting

Vulnerable Configurations

Part	Description	Count
Application	Wp_Custom_Cursors_Project WP Custom Cursors Project WP Custom Cursors *	1

References

https://wpscan.com/vulnerability/4c13a93d-2100-4721-8937-a1205378655f
https://wpscan.com/vulnerability/4c13a93d-2100-4721-8937-a1205378655f