CVE-2022-4950
🟡 Monitor
A vulnerability in WordPress plugins from Cool Plugins allows remote code execution by authenticated attackers.
CVSS
8.8
EPSS
5.4%
Exploit
none
Vendor
coolplugins
Source description (NVD)
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
rce
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (probability of exploitation) | 5.4% |
| Published (NVD) | 2023-06-07 02:15:15 UTC |
| Last modified (NVD) | 2026-04-08 19:17:58 UTC |
References
- https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/ (security@wordfence.com) [Third Party Advisory]
- https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php (security@wordfence.com) [Patch]
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve (security@wordfence.com) [Broken Link, Third Party Advisory]