CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
76.2%
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
[
{
"vendor": "narinder-singh",
"product": "The Events Calendar Countdown Addon",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.3.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "The Events Calendar Events Notification Bar Addon",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "Cool Timeline (Horizontal & Vertical Timeline)",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "2.3.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "blackworks1",
"product": "Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.7",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "Events Search For The Events Calendar",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.1.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "coolplugins",
"product": "Cryptocurrency Widgets For Elementor",
"versions": [
{
"version": "*",
"status": "affected",
"lessThan": "1.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "Event Single Page Builder For The Event Calendar",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.5",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "Events Shortcodes For The Events Calendar",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.9.4",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "narinder-singh",
"product": "Cryptocurrency Widgets – Price Ticker & Coins List",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "2.4",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "coolplugins",
"product": "Events Widgets For Elementor And The Events Calendar",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.4.2",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
76.2%