CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52142 – WordPress Events Shortcodes & Templates For The Events Calendar Plugin <= 2.3.1 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-52142
28 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Cool Plugins Events Shortcodes For The Events Calendar. Este problema afecta a Events Shortcodes For The Events Calendar: desde n/a hasta 2.3.1. The E... • https://patchstack.com/database/vulnerability/template-events-calendar/wordpress-events-shortcodes-for-the-events-calendar-plugin-2-3-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2022-4950 – Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
https://notcve.org/view.php?id=CVE-2022-4950
04 Apr 2022 — Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber. • https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability • CWE-862: Missing Authorization •