CVE-2022-4950
high-risk
Published 2023-06-07
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Do I need to act?
~
5.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (10)
Cool Timeline
Cryptocurrency Widgets
Cryptocurrency Widgets For Elementor
Event Single Page Builder For The Event Calendar
Events-Notification-Bar-Addon
Events Search For The Events Calendar
Events Shortcodes For The Events Calendar
Events Widgets For Elementor And The Events Calendar
The Events Calendar Countdown Addon
Cryptocurrency Payment \& Donation Box
Affected Vendors
References (6)
Third Party Advisory
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerabilit...
Third Party Advisory
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerabilit...
54
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
8/34 · Low
Exposure
16/34 · Moderate