CVE-2022-4950
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
blackworks1 · Cryptocurrency Donation Box – Bitcoin & Crypto Donationscoolplugins · Cryptocurrency Widgets For Elementorcoolplugins · Events Widgets For Elementor And The Events Calendarnarinder-singh · Cool Timeline (Horizontal & Vertical Timeline)narinder-singh · Cryptocurrency Widgets – Price Ticker & Coins Listnarinder-singh · Event Countdown for The Events Calendarnarinder-singh · Event Single Page Builder For The Events Calendarnarinder-singh · Events Search For The Events Calendarnarinder-singh · Events Shortcodes For The Events Calendarnarinder-singh · The Events Calendar Events Notification Bar AddonWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.phphttps://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve