cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-32739,https://securityvulnerability.io/vulnerability/CVE-2023-32739,WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to Cross Site Request Forgery (CSRF),"A Cross-Site Request Forgery (CSRF) vulnerability exists in versions lower than 3.2 of the Web_Trendy WP Custom Cursors Plugin for WordPress. This flaw allows attackers to perform unwanted actions on behalf of authenticated users, potentially compromising the security and integrity of the site. Proper precautions and updates are essential to mitigate this risk and safeguard user data.",Wordpress,WP Custom Cursors | WordPress Cursor Plugin,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,2023-11-09T21:15:00.000Z,0
CVE-2023-2221,https://securityvulnerability.io/vulnerability/CVE-2023-2221,WP Custom Cursors < 3.2 - Admin+ SQLi,"The WP Custom Cursors WordPress plugin, prior to version 3.2, fails to properly sanitize and escape parameters before including them in SQL queries. This oversight permits SQL injection attacks, which malicious users with administrative privileges can exploit to manipulate the database, potentially gaining unauthorized access to sensitive data or performing unauthorized actions.",Wordpress,WP Custom Cursors | WordPress Cursor Plugin,7.2,HIGH,0.0009399999980814755,false,,false,false,false,,false,false,2023-06-19T11:15:00.000Z,0
CVE-2022-3151,https://securityvulnerability.io/vulnerability/CVE-2022-3151,WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF,"The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to make a logged in admin delete arbitrary cursors via a CSRF attack.",Wordpress,WP Custom Cursors,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2022-10-17T00:00:00.000Z,0
CVE-2022-3149,https://securityvulnerability.io/vulnerability/CVE-2022-3149,WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF,"The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to make a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting",Wordpress,WP Custom Cursors,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-10-17T00:00:00.000Z,0
CVE-2022-3150,https://securityvulnerability.io/vulnerability/CVE-2022-3150,WP Custom Cursors < 3.2 - Admin+ SQLi,"The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin",Wordpress,WP Custom Cursors | WordPress Cursor Plugin,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-10-17T00:00:00.000Z,0