CVE-2022-4950 – Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation

https://notcve.org/view.php?id=CVE-2022-4950

04 Apr 2022 — Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber. • https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability • CWE-862: Missing Authorization •