CVE-2022-4950
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Affected (10)
Products: Coolplugins: Cool Timeline, Cryptocurrency Widgets, Cryptocurrency Widgets For Elementor, Event Single Page Builder For The Event Calendar, Events Notification Bar Addon, Events Search For The Events Calendar, Events Shortcodes For The Events Calendar, Events Widgets For Elementor And The Events Calendar, The Events Calendar Countdown Addon · Cryptocurrency Payment & Donation Box Plugins: Cryptocurrency Payment & Donation Box
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.4 | |
| Before 2.5.1 | |
| Before 1.3 | |
| Before 1.6 | |
| Before 1.6 | |
| Before 1.2 | |
| Before 2.0 | |
| Before 1.5 | |
| Before 1.4 | |
| Before 1.8 |
References (6)
Source: security@wordfence.com
Third Party Advisory
Source: security@wordfence.com
Patch
Source: security@wordfence.com
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Timeline
No history available yet.