CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2022-4950 – Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
https://notcve.org/view.php?id=CVE-2022-4950
04 Apr 2022 — Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber. • https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36738 – Cool Timeline (Horizontal & Vertical Timeline) <= 2.0.2 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2020-36738
16 Sep 2020 — The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF) •