CVE-2022-4950

HIGH 8.8

Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.

CWE	CWE-862
Vendor	narinder-singh
Product	the events calendar events notification bar addon
Published	Jun 7, 2023
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for narinder-singh the events calendar events notification bar addon

Be the first to know when new high vulnerabilities affecting narinder-singh the events calendar events notification bar addon are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

narinder-singh / The Events Calendar Events Notification Bar Addon

0 ≤ 1.1

narinder-singh / Events Search For The Events Calendar

0 ≤ 1.1.3

coolplugins / Cryptocurrency Widgets For Elementor

0 < 1.3

narinder-singh / Event Countdown for The Events Calendar

0 ≤ 1.3.1

coolplugins / Events Widgets For Elementor And The Events Calendar

0 ≤ 1.4.2

narinder-singh / Event Single Page Builder For The Events Calendar

0 ≤ 1.5

blackworks1 / Cryptocurrency Donation Box – Bitcoin & Crypto Donations

0 ≤ 1.7

narinder-singh / Events Shortcodes For The Events Calendar

0 ≤ 1.9.4

narinder-singh / Cool Timeline (Horizontal & Vertical Timeline)

0 ≤ 2.3.3

narinder-singh / Cryptocurrency Widgets – Price Ticker & Coins List

0 ≤ 2.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php blog.nintechnet.com: https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/

Credits

Jerome Bruandet