Vulnerabilities > CVE-2022-4950 - Missing Authorization vulnerability in multiple products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

coolplugins

cryptocurrency-payment-donation-box-plugins

CWE-862

NVD

Published: 2023-06-07

Updated: 2023-11-07

Summary

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.

Vulnerable Configurations

Part	Description	Count
Application	Coolplugins Coolplugins THE Events Calendar Countdown Addon - Coolplugins THE Events Calendar Countdown Addon 1.3.1 Coolplugins Events Notification BAR Addon - Coolplugins Events Notification BAR Addon 1.1 Coolplugins Cool Timeline - Coolplugins Cool Timeline 1.0 Coolplugins Cool Timeline 1.0.1 Coolplugins Cool Timeline 1.0.2 Coolplugins Cool Timeline 1.0.3 Coolplugins Cool Timeline 1.0.4 Coolplugins Cool Timeline 1.0.5 Coolplugins Cool Timeline 1.0.6 Coolplugins Cool Timeline 1.0.7 Coolplugins Cool Timeline 1.0.8 Coolplugins Cool Timeline 1.0.9 Coolplugins Cool Timeline 1.1 Coolplugins Cool Timeline 1.1.1 Coolplugins Cool Timeline 1.1.2 Coolplugins Cool Timeline 1.1.3 Coolplugins Cool Timeline 1.1.4 Coolplugins Cool Timeline 1.1.5 Coolplugins Cool Timeline 1.1.6 Coolplugins Cool Timeline 1.1.7 Coolplugins Cool Timeline 1.1.8 Coolplugins Cool Timeline 1.2 Coolplugins Cool Timeline 1.3 Coolplugins Cool Timeline 1.3.1 Coolplugins Cool Timeline 1.3.2 Coolplugins Cool Timeline 1.4 Coolplugins Cool Timeline 1.5 Coolplugins Cool Timeline 1.6 Coolplugins Cool Timeline 1.6.1 Coolplugins Cool Timeline 1.6.2 Coolplugins Cool Timeline 1.6.3 Coolplugins Cool Timeline 1.7 Coolplugins Cool Timeline 1.8 Coolplugins Cool Timeline 1.9 Coolplugins Cool Timeline 1.9.1 Coolplugins Cool Timeline 1.9.2 Coolplugins Cool Timeline 1.9.3 Coolplugins Cool Timeline 1.9.4 Coolplugins Cool Timeline 2.0 Coolplugins Cool Timeline 2.0.1 Coolplugins Cool Timeline 2.0.2 Coolplugins Cool Timeline 2.0.3 Coolplugins Cool Timeline 2.0.4 Coolplugins Cool Timeline 2.0.5 Coolplugins Cool Timeline 2.0.6 Coolplugins Cool Timeline 2.0.7 Coolplugins Cool Timeline 2.1 Coolplugins Cool Timeline 2.2 Coolplugins Cool Timeline 2.2.2 Coolplugins Cool Timeline 2.2.3 Coolplugins Cool Timeline 2.3 Coolplugins Cool Timeline 2.3.2 Coolplugins Cool Timeline 2.3.3 Coolplugins Events Shortcodes FOR THE Events Calendar - Coolplugins Events Shortcodes FOR THE Events Calendar 1.9.4 Coolplugins Event Single Page Builder FOR THE Event Calendar - Coolplugins Event Single Page Builder FOR THE Event Calendar 1.5 Coolplugins Events Search FOR THE Events Calendar - Coolplugins Events Search FOR THE Events Calendar 1.1.3 Coolplugins Events Widgets FOR Elementor AND THE Events Calendar - Coolplugins Events Widgets FOR Elementor AND THE Events Calendar 1.4.2 Coolplugins Cryptocurrency Widgets FOR Elementor - Coolplugins Cryptocurrency Widgets - Coolplugins Cryptocurrency Widgets 2.4	67
Application	Cryptocurrency_Payment_\&_Donation_Box_Plugins Cryptocurrency Payment & Donation BOX Plugins Cryptocurrency Payment & Donation BOX - Cryptocurrency Payment & Donation BOX Plugins Cryptocurrency Payment & Donation BOX 1.7	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References