Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
References
Configurations
Configuration 1 (hide)
|
History
13 Jun 2023, 18:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Coolplugins
Coolplugins cool Timeline Cryptocurrency Payment \& Donation Box Plugins Coolplugins events-notification-bar-addon Coolplugins cryptocurrency Widgets Coolplugins event Single Page Builder For The Event Calendar Coolplugins events Search For The Events Calendar Coolplugins events Widgets For Elementor And The Events Calendar Coolplugins cryptocurrency Widgets For Elementor Coolplugins the Events Calendar Countdown Addon Cryptocurrency Payment \& Donation Box Plugins cryptocurrency Payment \& Donation Box Coolplugins events Shortcodes For The Events Calendar |
|
CPE | cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:event_single_page_builder_for_the_event_calendar:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:events_search_for_the_events_calendar:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:the_events_calendar_countdown_addon:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:events_widgets_for_elementor_and_the_events_calendar:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:cryptocurrency_widgets_for_elementor:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:events-notification-bar-addon:*:*:*:*:*:wordpress:*:* cpe:2.3:a:cryptocurrency_payment_\&_donation_box_plugins:cryptocurrency_payment_\&_donation_box:*:*:*:*:*:wordpress:*:* |
|
References | (MISC) https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php - Patch | |
References | (MISC) https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/ - Third Party Advisory | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve - Broken Link, Third Party Advisory |
07 Jun 2023, 02:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 02:15
Updated : 2024-02-28 20:13
NVD link : CVE-2022-4950
Mitre link : CVE-2022-4950
CVE.ORG link : CVE-2022-4950
JSON object : View
Products Affected
coolplugins
- cryptocurrency_widgets_for_elementor
- events_widgets_for_elementor_and_the_events_calendar
- event_single_page_builder_for_the_event_calendar
- events-notification-bar-addon
- events_search_for_the_events_calendar
- events_shortcodes_for_the_events_calendar
- cool_timeline
- cryptocurrency_widgets
- the_events_calendar_countdown_addon
cryptocurrency_payment_\&_donation_box_plugins
- cryptocurrency_payment_\&_donation_box
CWE
CWE-862
Missing Authorization