CVE-2023-2221

State: PUBLISHED · Published: 2023-06-19 · Updated: 2024-12-12 · Assigner: WPScan

Description

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

CWE

(none)

Affected

Unknown / WP Custom Cursors | WordPress Cursor Plugin — v=0 <3.2 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/6666688e-7239-4d40-a348-307cf8f3b657 exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2023/2xxx/CVE-2023-2221.json