Arbitrary Plugin Installation Vulnerability in Cool Plugins for WordPress
CVE-2022-4950
8.8HIGH
Key Information:
What is CVE-2022-4950?
Several WordPress plugins developed by Cool Plugins are susceptible to unauthorized arbitrary plugin installation and activation. This vulnerability allows authenticated attackers, even those with minimal permissions like subscribers, to execute remote code. As a result, they can potentially gain control over the WordPress site, posing significant risks to its integrity and security.
Affected Version(s)
Cool Timeline (Horizontal & Vertical Timeline) * <= 2.3.3
Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free * <= 1.7
Cryptocurrency Widgets – Price Ticker & Coins List * <= 2.4