Vulnerabilites related to coolplugins - cool_timeline
Vulnerability from fkie_nvd
Published
2023-07-01 04:15
Modified
2024-11-21 05:30
Severity ?
Summary
The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coolplugins | cool_timeline | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4F98B8C9-83A9-4BCE-A0A6-7327B8402806",
"versionEndExcluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cool Timeline (Horizontal \u0026 Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"id": "CVE-2020-36738",
"lastModified": "2024-11-21T05:30:11.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2023-07-01T04:15:10.220",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/"
},
{
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/"
},
{
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/"
},
{
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/"
},
{
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/"
},
{
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/"
},
{
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2368335/cool-timeline/trunk/fa-icons/fa-icons-class.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ce7c895-e94c-46bd-9de1-f5fde29c3475?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2368335/cool-timeline/trunk/fa-icons/fa-icons-class.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ce7c895-e94c-46bd-9de1-f5fde29c3475?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified"
}
Vulnerability from fkie_nvd
Published
2023-06-07 02:15
Modified
2024-11-21 07:36
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B0EB744A-1F45-4381-B2D1-40B5F18A451D",
"versionEndExcluding": "2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7C167C14-32C8-4492-AA99-470F9EB66F31",
"versionEndExcluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coolplugins:cryptocurrency_widgets_for_elementor:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "356F16F6-7CCA-45E4-8D3D-28647EC0E9C0",
"versionEndExcluding": "1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coolplugins:event_single_page_builder_for_the_event_calendar:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F7CAAE89-9BB2-4F08-BC69-0E8AF4B2738F",
"versionEndExcluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coolplugins:events-notification-bar-addon:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "61640038-2699-41C1-A86B-6B7377F628E3",
"versionEndExcluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coolplugins:events_search_for_the_events_calendar:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C152C683-8E12-44C4-95BD-DF27C96E6F68",
"versionEndExcluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "5F1F3A5B-7EEC-4460-B969-8B23B8FED3BD",
"versionEndExcluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coolplugins:events_widgets_for_elementor_and_the_events_calendar:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B69CF29B-2A58-4C5E-AD28-E485C7055924",
"versionEndExcluding": "1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coolplugins:the_events_calendar_countdown_addon:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1CD54721-0C86-4B22-B69E-EC25E04DB335",
"versionEndExcluding": "1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cryptocurrency_payment_\\\u0026_donation_box_plugins:cryptocurrency_payment_\\\u0026_donation_box:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "21665B07-BBDF-4425-B8BC-DD88452DBA78",
"versionEndExcluding": "1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber."
}
],
"id": "CVE-2022-4950",
"lastModified": "2024-11-21T07:36:18.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-07T02:15:15.813",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-36738 (GCVE-0-2020-36738)
Vulnerability from cvelistv5
Published
2023-07-01 03:30
Modified
2024-10-25 15:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| narinder-singh | Cool Timeline (Horizontal & Vertical Timeline) |
Version: * ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:06.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ce7c895-e94c-46bd-9de1-f5fde29c3475?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2368335/cool-timeline/trunk/fa-icons/fa-icons-class.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T15:15:36.353973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T15:17:19.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cool Timeline (Horizontal \u0026 Vertical Timeline)",
"vendor": "narinder-singh",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cool Timeline (Horizontal \u0026 Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-01T03:30:12.869Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ce7c895-e94c-46bd-9de1-f5fde29c3475?source=cve"
},
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2368335/cool-timeline/trunk/fa-icons/fa-icons-class.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-09-16T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36738",
"datePublished": "2023-07-01T03:30:12.869Z",
"dateReserved": "2023-06-30T15:11:43.679Z",
"dateUpdated": "2024-10-25T15:17:19.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4950 (GCVE-0-2022-4950)
Vulnerability from cvelistv5
Published
2023-06-07 01:51
Modified
2024-12-23 16:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | narinder-singh | The Events Calendar Countdown Addon |
Version: * ≤ 1.3.1 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:55:46.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-23T16:00:39.467646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T16:20:36.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "The Events Calendar Countdown Addon",
"vendor": "narinder-singh",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "The Events Calendar Events Notification Bar Addon",
"vendor": "narinder-singh",
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cool Timeline (Horizontal \u0026 Vertical Timeline)",
"vendor": "narinder-singh",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cryptocurrency Payment \u0026 Donation Box \u2013 Accept Payments in any Cryptocurrency on your WP Site for Free",
"vendor": "blackworks1",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Events Search For The Events Calendar",
"vendor": "narinder-singh",
"versions": [
{
"lessThanOrEqual": "1.1.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cryptocurrency Widgets For Elementor",
"vendor": "coolplugins",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Event Single Page Builder For The Event Calendar",
"vendor": "narinder-singh",
"versions": [
{
"lessThanOrEqual": "1.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Events Shortcodes For The Events Calendar",
"vendor": "narinder-singh",
"versions": [
{
"lessThanOrEqual": "1.9.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cryptocurrency Widgets \u2013 Price Ticker \u0026 Coins List",
"vendor": "narinder-singh",
"versions": [
{
"lessThanOrEqual": "2.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Events Widgets For Elementor And The Events Calendar",
"vendor": "coolplugins",
"versions": [
{
"lessThanOrEqual": "1.4.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-07T01:51:53.458Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php"
},
{
"url": "https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-04T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-4950",
"datePublished": "2023-06-07T01:51:53.458Z",
"dateReserved": "2023-06-06T13:39:44.796Z",
"dateUpdated": "2024-12-23T16:20:36.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}