CVE-2023-32739

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in the WordPress WP Custom Cursors plugin allows attackers to trick authenticated administrators into performing unintended actions. Attackers can create malicious requests that execute when an admin visits a compromised page, potentially modifying plugin settings or performing other administrative actions. WordPress sites using this plugin are affected.

💻 Affected Systems

Products:
  • WordPress WP Custom Cursors Plugin
Versions: All versions before 3.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with vulnerable plugin version and an authenticated administrator session.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could modify plugin settings, inject malicious code, or perform other administrative actions leading to site compromise or data manipulation.

🟠

Likely Case

Attackers trick administrators into changing cursor settings or performing other plugin-specific actions without their knowledge.

🟢

If Mitigated

With proper CSRF protections and user awareness, impact is limited to unsuccessful attack attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks typically require social engineering to trick authenticated users into visiting malicious pages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-custom-cursors/wordpress-wp-custom-cursors-plugin-3-2-cross-site-request-forgery-csrf-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'WP Custom Cursors' plugin.
4. Click 'Update Now' if available, or download version 3.2+ from the WordPress repository.
5. Activate the updated plugin.

🔧 Temporary Workarounds

Disable Plugin

Applies to: all

Temporarily disable the vulnerable plugin until patched.

Implement CSRF Tokens

Applies to: all

Add CSRF protection to plugin forms if customizing code.
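As an added illustration of this workaround (not code from the WP Custom Cursors plugin itself, whose internals this page does not show), below is a hypothetical settings-save handler in the shape that leaves a WordPress plugin open to CSRF, followed by the hardened form that uses WordPress's built-in nonce and capability checks. The option name `wpcc_cursor_style`, the action name `wpcc_save_settings` and the nonce field name `wpcc_nonce` are assumptions made for the example.

```php
<?php
// Added example: a hypothetical plugin settings handler, not the real plugin's code.
// Option, action and nonce names are assumed for illustration only.

// BEFORE (vulnerable pattern): the handler trusts any POST that reaches it.
// A page an administrator visits elsewhere can submit this form on their behalf,
// because the browser attaches the admin's cookies automatically.
function wpcc_save_settings_unprotected() {
    if ( isset( $_POST['wpcc_cursor_style'] ) ) {
        update_option( 'wpcc_cursor_style', sanitize_text_field( wp_unslash( $_POST['wpcc_cursor_style'] ) ) );
    }
}

// AFTER (hardened): render the form with a nonce field tied to the current user ...
function wpcc_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="wpcc_save_settings">
        <?php wp_nonce_field( 'wpcc_save_settings', 'wpcc_nonce' ); ?>
        <input type="text" name="wpcc_cursor_style"
               value="<?php echo esc_attr( get_option( 'wpcc_cursor_style', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// ... and verify both the caller's capability and the nonce before writing anything.
function wpcc_save_settings_protected() {
    // Capability check: a nonce is not an authorization mechanism, so this stays.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // Nonce check: rejects requests that did not originate from the plugin's own form.
    // check_admin_referer() calls wp_die() itself when the nonce is missing or invalid,
    // so execution only continues past this line for a legitimate submission.
    check_admin_referer( 'wpcc_save_settings', 'wpcc_nonce' );

    if ( isset( $_POST['wpcc_cursor_style'] ) ) {
        update_option( 'wpcc_cursor_style', sanitize_text_field( wp_unslash( $_POST['wpcc_cursor_style'] ) ) );
    }

    // Send the admin back to the settings page rather than leaving them on admin-post.php.
    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_wpcc_save_settings', 'wpcc_save_settings_protected' );
```

The nonce WordPress emits is bound to the logged-in user and to the action string, and it expires, so a request forged from another origin cannot carry a valid one. The capability check is kept alongside it because the two answer different questions: the nonce shows the request came from the plugin's own form, the capability check shows the user is allowed to change the option at all. Failed nonce checks are what the "Multiple failed CSRF token validations" indicator in the Detection section refers to.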

🧯 If You Can't Patch

  • Restrict plugin access to trusted administrators only
  • Implement web application firewall with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > WP Custom Cursors version number

Check Version:

wp plugin list --name='wp-custom-cursors' --field=version

Verify Fix Applied:

Confirm plugin version is 3.2 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to plugin admin endpoints
  • Multiple failed CSRF token validations

Network Indicators:

  • Requests to plugin endpoints without referrer headers or CSRF tokens

SIEM Query:

source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "wp-custom-cursors") AND http_method="POST"

🔗 References
