Remote code execution

2023-06-0702:15:00

PRIOn knowledge base

www.prio-n.com

remote code execution

cool plugins

vulnerability

wordpress

authenticated attackers

minimal permissions

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

JSON

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.

CPENameOperatorVersion
cool_timelinelt2.4
cryptocurrency_widgetslt2.5.1
cryptocurrency_widgets_for_elementorlt1.3
event_single_page_builder_for_the_event_calendarlt1.6
events-notification-bar-addonlt1.6
events_search_for_the_events_calendarlt1.2
events_shortcodes_for_the_events_calendarlt2.0
events_widgets_for_elementor_and_the_events_calendarlt1.5
the_events_calendar_countdown_addonlt1.4
cryptocurrency_payment_\\&_donation_boxlt1.8

Name	Operator	Version
cool_timeline	lt	2.4
cryptocurrency_widgets	lt	2.5.1
cryptocurrency_widgets_for_elementor	lt	1.3
event_single_page_builder_for_the_event_calendar	lt	1.6
events-notification-bar-addon	lt	1.6
events_search_for_the_events_calendar	lt	1.2
events_shortcodes_for_the_events_calendar	lt	2.0
events_widgets_for_elementor_and_the_events_calendar	lt	1.5
the_events_calendar_countdown_addon	lt	1.4
cryptocurrency_payment_\\&_donation_box	lt	1.8