logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2022-3149

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2022-3149

Description:
The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting
Last updated date:
10/21/2022
Type:
exploit
Confidence:
HIGH
Date of publishing:
10/21/2022
Reference url to background

https://wpscan.com/vulnerability/4c13a93d-2100-4721-8937-a1205378655f

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy