Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
References
History
21 Nov 2024, 07:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/ - Third Party Advisory | |
References | () https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve - Broken Link, Third Party Advisory | |
13 Jun 2023, 18:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:event_single_page_builder_for_the_event_calendar:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:events_search_for_the_events_calendar:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:the_events_calendar_countdown_addon:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:events_widgets_for_elementor_and_the_events_calendar:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:cryptocurrency_widgets_for_elementor:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:*:wordpress:*:* cpe:2.3:a:coolplugins:events-notification-bar-addon:*:*:*:*:*:wordpress:*:* cpe:2.3:a:cryptocurrency_payment_\&_donation_box_plugins:cryptocurrency_payment_\&_donation_box:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-862 | |
First Time | Coolplugins; Coolplugins cool Timeline; Cryptocurrency Payment \& Donation Box Plugins; Coolplugins events-notification-bar-addon; Coolplugins cryptocurrency Widgets; Coolplugins event Single Page Builder For The Event Calendar; Coolplugins events Search For The Events Calendar; Coolplugins events Widgets For Elementor And The Events Calendar; Coolplugins cryptocurrency Widgets For Elementor; Coolplugins the Events Calendar Countdown Addon; Cryptocurrency Payment \& Donation Box Plugins cryptocurrency Payment \& Donation Box; Coolplugins events Shortcodes For The Events Calendar | |
References | (MISC) https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php - Patch | |
References | (MISC) https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/ - Third Party Advisory | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve - Broken Link, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 8.8 |
07 Jun 2023, 02:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 02:15
Updated : 2024-11-21 07:36
NVD link : CVE-2022-4950
Mitre link : CVE-2022-4950
CVE.ORG link : CVE-2022-4950
Products Affected
coolplugins
- cryptocurrency_widgets
- cool_timeline
- events_search_for_the_events_calendar
- events-notification-bar-addon
- cryptocurrency_widgets_for_elementor
- events_widgets_for_elementor_and_the_events_calendar
- event_single_page_builder_for_the_event_calendar
- the_events_calendar_countdown_addon
- events_shortcodes_for_the_events_calendar
cryptocurrency_payment_\&_donation_box_plugins
- cryptocurrency_payment_\&_donation_box
CWE
CWE-862
Missing Authorization