CVE-2022-4950— Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation

CVSS 8.8 · High EPSS 5.42% · P90 Updated Apr 09, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-4950

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation

Source: NVD (National Vulnerability Database)

Vulnerability Description

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

WordPress多个Cool Plugins开发插件安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress多个Cool Plugins开发的插件存在安全漏洞，该漏洞源于容易受到任意插件安装和激活的影响，这可能导致经过身份验证的攻击者以最小权限（例如订阅者）远程执行代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
narinder-singh	The Events Calendar Countdown Addon	* ~ 1.3.1	-
narinder-singh	The Events Calendar Events Notification Bar Addon	* ~ 1.1	-
narinder-singh	Cool Timeline (Horizontal & Vertical Timeline)	* ~ 2.3.3	-
blackworks1	Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free	* ~ 1.7	-
narinder-singh	Events Search For The Events Calendar	* ~ 1.1.3	-
coolplugins	Cryptocurrency Widgets For Elementor	* ~ 1.3	-
narinder-singh	Event Single Page Builder For The Event Calendar	* ~ 1.5	-
narinder-singh	Events Shortcodes For The Events Calendar	* ~ 1.9.4	-
narinder-singh	Cryptocurrency Widgets – Price Ticker & Coins List	* ~ 2.4	-
coolplugins	Events Widgets For Elementor And The Events Calendar	* ~ 1.4.2	-

II. Public POCs for CVE-2022-4950

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-4950

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same vendor: narinder-singh

Same weakness: CWE-862

V. Comments for CVE-2022-4950

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-4950— Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation

I. Basic Information for CVE-2022-4950

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-4950

III. Intelligence Information for CVE-2022-4950

IV. Related Vulnerabilities

V. Comments for CVE-2022-4950

Leave a comment