CVE-2022-4950
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
blackworks1 · Cryptocurrency Donation Box – Bitcoin & Crypto Donations
coolplugins · Cryptocurrency Widgets For Elementor
coolplugins · Events Widgets For Elementor And The Events Calendar
narinder-singh · Cool Timeline (Horizontal & Vertical Timeline)
narinder-singh · Cryptocurrency Widgets – Price Ticker & Coins List
narinder-singh · Event Countdown for The Events Calendar
narinder-singh · Event Single Page Builder For The Events Calendar
narinder-singh · Events Search For The Events Calendar
narinder-singh · Events Shortcodes For The Events Calendar
narinder-singh · The Events Calendar Events Notification Bar Addon
References
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/
https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve