Coolplugins
coolplugins
12 CVEs • 12 products
Products (12)
Click to collapseToggle
Products (12)
Click to collapse
CVEs (12)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Coolplugins 1Cryptocurrency Widgets Jun 17, 2026 Dec 13, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets – P...Show more |
1Coolplugins 1Cryptocurrency Widgets For Elementor Jun 17, 2026 Nov 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP L...Show more |
1Coolplugins 1Web Stories Widgets For Elementor Jun 17, 2026 Nov 11, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor shortcodes-for-amp-web-stories-and-elementor-widget allows Stored XSS.T...Show more |
1Coolplugins 1Cryptocurrency Widgets Jun 17, 2026 Aug 18, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS.This issue affects Cryptoc...Show more |
1Coolplugins 1Cryptocurrency Widgets Jun 17, 2026 Mar 13, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8. |
1Coolplugins 1Timeline Widget For Elementor Jun 17, 2026 Feb 7, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up t...Show more |
The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied paramete...Show more |
1Coolplugins 1Events Shortcodes For The Events Calendar Jun 17, 2026 Jan 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: f...Show more |
1Coolplugins 1Process Steps Template Designer Jun 17, 2026 Jul 12, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. T...Show more |
The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl...Show more |
2Coolplugins Cryptocurrency Payment & Donation Box Plugins10Cool Timeline Cryptocurrency Payment & Donation BoxCryptocurrency Widgets+7 moreJun 17, 2026 Jun 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a sub...Show more |
1Coolplugins 1Process Steps Template Designer Jun 17, 2026 Jun 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified at...Show more |