CVE-2022-3149

Name of the Vulnerable Software and Affected Versions WP Custom Cursors WordPress plugin versions prior to 3.0.1

Description The issue is related to the lack of a CSRF check when creating and editing cursors, which could allow attackers to perform actions via CSRF attacks on logged-in admins. Additionally, the lack of sanitization and escaping in some cursor options could lead to Stored Cross-Site Scripting.

Recommendations For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the cursor creation and editing functionality to minimize the risk of exploitation.