WP Custom Cursors by Web_Trendy

WP Custom Cursors by Web_Trendy <= 3.0.0 - Admin+ SQLi

LANACOMMONVDB ID: 02451c8b-6835-4142-9275-acaed518c60b

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/wp-custom-cursors/

CVE: CVE-2022-3150

Attributes

Catgory: WordPress Plugin

Discovered: 2022-09-07

Published: 2022-09-21

Affected Version: <= 3.0.0

Classification

Type: SQL Injection

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).