CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
76.2%
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Vendor | Product | Version | CPE |
---|---|---|---|
coolplugins | cool_timeline | * | cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:* |
coolplugins | cryptocurrency_widgets | * | cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:*:wordpress:*:* |
coolplugins | cryptocurrency_widgets_for_elementor | * | cpe:2.3:a:coolplugins:cryptocurrency_widgets_for_elementor:*:*:*:*:*:wordpress:*:* |
coolplugins | event_single_page_builder_for_the_event_calendar | * | cpe:2.3:a:coolplugins:event_single_page_builder_for_the_event_calendar:*:*:*:*:*:wordpress:*:* |
coolplugins | events-notification-bar-addon | * | cpe:2.3:a:coolplugins:events-notification-bar-addon:*:*:*:*:*:wordpress:*:* |
coolplugins | events_search_for_the_events_calendar | * | cpe:2.3:a:coolplugins:events_search_for_the_events_calendar:*:*:*:*:*:wordpress:*:* |
coolplugins | events_shortcodes_for_the_events_calendar | * | cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar:*:*:*:*:*:wordpress:*:* |
coolplugins | events_widgets_for_elementor_and_the_events_calendar | * | cpe:2.3:a:coolplugins:events_widgets_for_elementor_and_the_events_calendar:*:*:*:*:*:wordpress:*:* |
coolplugins | the_events_calendar_countdown_addon | * | cpe:2.3:a:coolplugins:the_events_calendar_countdown_addon:*:*:*:*:*:wordpress:*:* |
cryptocurrency_payment_\&_donation_box_plugins | cryptocurrency_payment_\&_donation_box | * | cpe:2.3:a:cryptocurrency_payment_\&_donation_box_plugins:cryptocurrency_payment_\&_donation_box:*:*:*:*:*:wordpress:*:* |
[
{
"vendor": "narinder-singh",
"product": "The Events Calendar Countdown Addon",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.3.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "The Events Calendar Events Notification Bar Addon",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "Cool Timeline (Horizontal & Vertical Timeline)",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "2.3.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "blackworks1",
"product": "Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.7",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "Events Search For The Events Calendar",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.1.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "coolplugins",
"product": "Cryptocurrency Widgets For Elementor",
"versions": [
{
"version": "*",
"status": "affected",
"lessThan": "1.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "Event Single Page Builder For The Event Calendar",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.5",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "Events Shortcodes For The Events Calendar",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.9.4",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "Cryptocurrency Widgets – Price Ticker & Coins List",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "2.4",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "coolplugins",
"product": "Events Widgets For Elementor And The Events Calendar",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.4.2",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]