The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-10-17T00:00:00
Updated: 2024-08-03T01:00:10.535Z
Reserved: 2022-09-07T00:00:00
Link: CVE-2022-3149
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-10-17T12:15:10.340
Modified: 2024-11-21T07:18:55.770
Link: CVE-2022-3149
Redhat
No data.