CVE-2022-3151

CVE-2022-3151: WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF

Vendor Unknown
Product WP Custom Cursors
Weakness CWE-352 · CSRF
Published October 17, 2022
Last update May 14, 2025

CVSS base score

What the vulnerability does

01Description

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.

Key dates

02Disclosure timeline

October 17, 2022 CVE published
May 14, 2025 Record updated

Related vulnerabilities

04Related CVE