2 matches found
CVE-2024-53739
CVE-2024-53739 affects the WordPress plugin Cryptocurrency Widgets For Elementor (versions up to 1.6.4). It is caused by improper control of the filename in Include/Require, enabling Local File Inclusion (PHP LFI). The vulnerability has been publicly documented with high/severe impact (CVSS up to...
CVE-2022-4950
CVE-2022-4950 affects WordPress plugins developed by Cool Plugins. Affected component is arbitrary plugin installation/activation that can lead to remote code execution by authenticated users with minimal permissions (e.g., subscriber). Attack vector inferred as network-based from CVSS metrics, w...