CVE-2022-4950
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| narinder-singh | The Events Calendar Events Notification Bar Addon | 0 <= 1.1 | affected |
| narinder-singh | Events Search For The Events Calendar | 0 <= 1.1.3 | affected |
| coolplugins | Cryptocurrency Widgets For Elementor | 0 < 1.3 | affected |
| narinder-singh | Event Countdown for The Events Calendar | 0 <= 1.3.1 | affected |
| coolplugins | Events Widgets For Elementor And The Events Calendar | 0 <= 1.4.2 | affected |
| narinder-singh | Event Single Page Builder For The Events Calendar | 0 <= 1.5 | affected |
| blackworks1 | Cryptocurrency Donation Box – Bitcoin & Crypto Donations | 0 <= 1.7 | affected |
| narinder-singh | Events Shortcodes For The Events Calendar | 0 <= 1.9.4 | affected |
| narinder-singh | Cool Timeline (Horizontal & Vertical Timeline) | 0 <= 2.3.3 | affected |
| narinder-singh | Cryptocurrency Widgets – Price Ticker & Coins List | 0 <= 2.4 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve
- https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php
- https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve
- https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php
- https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.