CVE-2022-4950

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:cryptocurrency_widgets_for_elementor:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:event_single_page_builder_for_the_event_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events-notification-bar-addon:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events_search_for_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events_widgets_for_elementor_and_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:the_events_calendar_countdown_addon:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:cryptocurrency_payment_\&_donation_box_plugins:cryptocurrency_payment_\&_donation_box:*:*:*:*:*:wordpress:*:*

History

13 Jun 2023, 18:42

Type Values Removed Values Added
CWE CWE-862
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Coolplugins
Coolplugins cool Timeline
Cryptocurrency Payment \& Donation Box Plugins
Coolplugins events-notification-bar-addon
Coolplugins cryptocurrency Widgets
Coolplugins event Single Page Builder For The Event Calendar
Coolplugins events Search For The Events Calendar
Coolplugins events Widgets For Elementor And The Events Calendar
Coolplugins cryptocurrency Widgets For Elementor
Coolplugins the Events Calendar Countdown Addon
Cryptocurrency Payment \& Donation Box Plugins cryptocurrency Payment \& Donation Box
Coolplugins events Shortcodes For The Events Calendar
CPE cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:event_single_page_builder_for_the_event_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events_search_for_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:the_events_calendar_countdown_addon:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events_widgets_for_elementor_and_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:cryptocurrency_widgets_for_elementor:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events-notification-bar-addon:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:cryptocurrency_payment_\&_donation_box_plugins:cryptocurrency_payment_\&_donation_box:*:*:*:*:*:wordpress:*:*
References (MISC) https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php - (MISC) https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php - Patch
References (MISC) https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/ - (MISC) https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/ - Third Party Advisory
References (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve - (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve - Broken Link, Third Party Advisory

07 Jun 2023, 02:44

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-07 02:15

Updated : 2024-02-28 20:13


NVD link : CVE-2022-4950

Mitre link : CVE-2022-4950

CVE.ORG link : CVE-2022-4950


JSON object : View

Products Affected

coolplugins

  • cryptocurrency_widgets_for_elementor
  • events_widgets_for_elementor_and_the_events_calendar
  • event_single_page_builder_for_the_event_calendar
  • events-notification-bar-addon
  • events_search_for_the_events_calendar
  • events_shortcodes_for_the_events_calendar
  • cool_timeline
  • cryptocurrency_widgets
  • the_events_calendar_countdown_addon

cryptocurrency_payment_\&_donation_box_plugins

  • cryptocurrency_payment_\&_donation_box
CWE
CWE-862

Missing Authorization