MidnightBSD

Advisories for cryptocurrency_payment_&_donation_box_plugins

CVE-2022-4950

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@wordfence.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
coolplugins cryptocurrency_widgets_for_elementor *
coolplugins cool_timeline *
coolplugins events-notification-bar-addon *
coolplugins events_widgets_for_elementor_and_the_events_calendar *
coolplugins the_events_calendar_countdown_addon *
coolplugins event_single_page_builder_for_the_event_calendar *
coolplugins events_search_for_the_events_calendar *
coolplugins cryptocurrency_widgets *
cryptocurrency_payment_&_donation_box_plugins cryptocurrency_payment_&_donation_box *
coolplugins events_shortcodes_for_the_events_calendar *