Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Cool Plugins — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting Cool Plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Cool Plugins develops WordPress extensions that enhance website functionality with themes and plugins. Historically, their products have frequently contained remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from insufficient input validation and sanitization. Privilege escalation issues have also been common, allowing unauthorized access to administrative functions. While no major public security incidents have been documented, the 7 CVEs on record indicate consistent security flaws that could enable complete website compromise. Their plugin architecture typically lacks robust access controls, making them attractive targets for attackers seeking to deploy malware or steal sensitive data.

Top products by Cool Plugins: Cryptocurrency Widgets – Price Ticker & Coins List Events Shortcodes For The Events Calendar Web Stories Widgets For Elementor Cryptocurrency Widgets For Elementor Elementor Contact Form DB
CVE IDTitleCVSSSeverityPublished
CVE-2026-25320 WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability — Elementor Contact Form DBCWE-862 5.3 Medium2026-02-19
CVE-2023-36681 WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin <= 2.6.2 - Broken Access Control vulnerability — Cryptocurrency Widgets – Price Ticker & Coins ListCWE-862 5.3 Medium2024-12-13
CVE-2024-53739 WordPress Cryptocurrency Widgets For Elementor plugin <= 1.6.4 - Local File Inclusion vulnerability — Cryptocurrency Widgets For ElementorCWE-98 8.1 High2024-11-30
CVE-2024-52354 WordPress Web Stories Widgets For Elementor plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability — Web Stories Widgets For ElementorCWE-79 6.5 Medium2024-11-11
CVE-2024-43304 WordPress Cryptocurrency Widgets plugin <= 2.8.0 - Reflected Cross Site Scripting (XSS) vulnerability — Cryptocurrency Widgets – Price Ticker & Coins ListCWE-79 7.1 High2024-08-18
CVE-2024-27953 WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control — Cryptocurrency Widgets – Price Ticker & Coins ListCWE-862 4.7 Medium2024-03-13
CVE-2023-52142 WordPress Events Shortcodes & Templates For The Events Calendar Plugin <= 2.3.1 is vulnerable to SQL Injection — Events Shortcodes For The Events CalendarCWE-89 7.6 High2024-01-08

This page lists every published CVE security advisory associated with Cool Plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.