The WP Custom Cursors WordPress plugin prior to 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow malicious users to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wp custom cursors project wp custom cursors |