Lucene search

[email protected]NVD:CVE-2022-4950

HistoryJun 07, 2023 - 2:15 a.m.

CVE-2022-4950

2023-06-0702:15:15

CWE-862

[email protected]

web.nvd.nist.gov

wordpress

cool plugins

vulnerability

remote code execution

arbitrary plugin installation

authenticated attackers

minimal permissions

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

JSON

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.

Affected configurations

NVD

Node

coolpluginscool_timelineRange<2.4wordpress

coolpluginscryptocurrency_widgetsRange<2.5.1wordpress

coolpluginscryptocurrency_widgets_for_elementorRange<1.3wordpress

coolpluginsevent_single_page_builder_for_the_event_calendarRange<1.6wordpress

coolpluginsevents-notification-bar-addonRange<1.6wordpress

coolpluginsevents_search_for_the_events_calendarRange<1.2wordpress

coolpluginsevents_shortcodes_for_the_events_calendarRange<2.0wordpress

coolpluginsevents_widgets_for_elementor_and_the_events_calendarRange<1.5wordpress

coolpluginsthe_events_calendar_countdown_addonRange<1.4wordpress

cryptocurrency_payment_\&_donation_box_pluginscryptocurrency_payment_\&_donation_boxRange<1.8wordpress

References

blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/

plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php

www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for NVD:CVE-2022-4950

cve1 cvelist1 prion1