CVSS Base Score: 8.8
CVE-2022-4950
- EPSS 5.1%
- Published 07.06.2023 02:15:15
- Last modified 21.11.2024 07:36:18
- Source security@wordfence.com
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Possible mitigation
Cool Timeline (Horizontal & Vertical Timeline): Update to version 2.4, or a newer patched version
The Events Calendar Countdown Addon: Update to version 1.4, or a newer patched version
Cryptocurrency Donation Box – Bitcoin & Crypto Donations: Update to version 1.8, or a newer patched version
Cryptocurrency Widgets – Price Ticker & Coins List: Update to version 2.5.1, or a newer patched version
Cryptocurrency Widgets For Elementor: Update to version 1.3, or a newer patched version
Event Single Page Builder For The Event Calendar: Update to version 1.6, or a newer patched version
The Events Calendar Events Notification Bar Addon: Update to version 1.6, or a newer patched version
Events Search For The Events Calendar: Update to version 1.2, or a newer patched version
Events Widgets For Elementor And The Events Calendar: Update to version 1.5, or a newer patched version
Events Shortcodes For The Events Calendar: Update to version 2.0, or a newer patched version
Further vulnerability information
| System | Product | Version |
|---|---|---|
| WordPress Plugin | Cool Timeline (Horizontal & Vertical Timeline) | *-2.3.3 |
| WordPress Plugin | The Events Calendar Countdown Addon | *-1.3.1 |
| WordPress Plugin | Cryptocurrency Donation Box – Bitcoin & Crypto Donations | *-1.7 |
| WordPress Plugin | Cryptocurrency Widgets – Price Ticker & Coins List | *-2.4 |
| WordPress Plugin | Cryptocurrency Widgets For Elementor | [*, 1.3) |
| WordPress Plugin | Event Single Page Builder For The Event Calendar | *-1.5 |
| WordPress Plugin | The Events Calendar Events Notification Bar Addon | *-1.1 |
| WordPress Plugin | Events Search For The Events Calendar | *-1.1.3 |
| WordPress Plugin | Events Widgets For Elementor And The Events Calendar | *-1.4.2 |
| WordPress Plugin | Events Shortcodes For The Events Calendar | *-1.9.4 |
Data provided by the National Vulnerability Database (NVD)
| Vendor | Product | SwPlatform | Version |
|---|---|---|---|
| Coolplugins | Cool Timeline | wordpress | < 2.4 |
| Coolplugins | Cryptocurrency Widgets | wordpress | < 2.5.1 |
| Coolplugins | Cryptocurrency Widgets For Elementor | wordpress | < 1.3 |
| Coolplugins | Event Single Page Builder For The Event Calendar | wordpress | < 1.6 |
| Coolplugins | Events-notification-bar-addon | wordpress | < 1.6 |
| Coolplugins | Events Search For The Events Calendar | wordpress | < 1.2 |
| Coolplugins | Events Shortcodes For The Events Calendar | wordpress | < 2.0 |
| Coolplugins | Events Widgets For Elementor And The Events Calendar | wordpress | < 1.5 |
| Coolplugins | The Events Calendar Countdown Addon | wordpress | < 1.4 |
| Cryptocurrency Payment & Donation Box Plugins | Cryptocurrency Payment & Donation Box | wordpress | < 1.8 |
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.1% | 0.897 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| security@wordfence.com | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.