CVE-2022-4950

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:cryptocurrency_widgets_for_elementor:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:event_single_page_builder_for_the_event_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events-notification-bar-addon:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events_search_for_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events_widgets_for_elementor_and_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:the_events_calendar_countdown_addon:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:cryptocurrency_payment_\&_donation_box_plugins:cryptocurrency_payment_\&_donation_box:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:36

Type Values Removed Values Added
References () https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/ - Third Party Advisory () https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/ - Third Party Advisory
References () https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php - Patch () https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve - Broken Link, Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve - Broken Link, Third Party Advisory

13 Jun 2023, 18:42

Type Values Removed Values Added
CPE cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:event_single_page_builder_for_the_event_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events_search_for_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:the_events_calendar_countdown_addon:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events_widgets_for_elementor_and_the_events_calendar:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:cryptocurrency_widgets_for_elementor:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:coolplugins:events-notification-bar-addon:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:cryptocurrency_payment_\&_donation_box_plugins:cryptocurrency_payment_\&_donation_box:*:*:*:*:*:wordpress:*:*
CWE CWE-862
First Time Coolplugins
Coolplugins cool Timeline
Cryptocurrency Payment \& Donation Box Plugins
Coolplugins events-notification-bar-addon
Coolplugins cryptocurrency Widgets
Coolplugins event Single Page Builder For The Event Calendar
Coolplugins events Search For The Events Calendar
Coolplugins events Widgets For Elementor And The Events Calendar
Coolplugins cryptocurrency Widgets For Elementor
Coolplugins the Events Calendar Countdown Addon
Cryptocurrency Payment \& Donation Box Plugins cryptocurrency Payment \& Donation Box
Coolplugins events Shortcodes For The Events Calendar
References (MISC) https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php - (MISC) https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php - Patch
References (MISC) https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/ - (MISC) https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/ - Third Party Advisory
References (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve - (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve - Broken Link, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

07 Jun 2023, 02:44

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-07 02:15

Updated : 2024-11-21 07:36


NVD link : CVE-2022-4950

Mitre link : CVE-2022-4950

CVE.ORG link : CVE-2022-4950


JSON object : View

Products Affected

coolplugins

  • cryptocurrency_widgets
  • cool_timeline
  • events_search_for_the_events_calendar
  • events-notification-bar-addon
  • cryptocurrency_widgets_for_elementor
  • events_widgets_for_elementor_and_the_events_calendar
  • event_single_page_builder_for_the_event_calendar
  • the_events_calendar_countdown_addon
  • events_shortcodes_for_the_events_calendar

cryptocurrency_payment_\&_donation_box_plugins

  • cryptocurrency_payment_\&_donation_box
CWE
CWE-862

Missing Authorization