CVE-2022-4950
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
- Severity Score: 8.8 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Track* (SSVC)
Descriptions
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Credits: Jerome Bruandet
SSVC
- Decision: Track*
* Organization's Worst-case Scenario
Timeline
- 2022-04-04 CVE Published
- 2023-06-06 CVE Reserved
- 2024-12-23 CVE Updated
- 2025-01-12 EPSS Updated
CWE
- CWE-862: Missing Authorization
References (3)
URL | Tag | Source |
---|---|---|
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability | Third Party Advisory | |
https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve | Broken Link | |

URL | Date | SRC |
---|---|---|
https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Coolplugins | Cool Timeline | < 2.4 | wordpress | Affected |
Coolplugins | Cryptocurrency Widgets | < 2.5.1 | wordpress | Affected |
Coolplugins | Cryptocurrency Widgets For Elementor | < 1.3 | wordpress | Affected |
Coolplugins | Event Single Page Builder For The Event Calendar | < 1.6 | wordpress | Affected |
Coolplugins | Events-notification-bar-addon | < 1.6 | wordpress | Affected |
Coolplugins | Events Search For The Events Calendar | < 1.2 | wordpress | Affected |
Coolplugins | Events Shortcodes For The Events Calendar | < 2.0 | wordpress | Affected |
Coolplugins | Events Widgets For Elementor And The Events Calendar | < 1.5 | wordpress | Affected |
Coolplugins | The Events Calendar Countdown Addon | < 1.4 | wordpress | Affected |
Cryptocurrency Payment & Donation Box Plugins | Cryptocurrency Payment & Donation Box | < 1.8 | wordpress | Affected |