Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
woocommerce woocommerce currency switcher vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-24938
The WOOCS WordPress plugin prior to 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected cross-Site Scripting issue
Woocommerce Woocommerce Currency Switcher
6.1
CVSSv3
CVE-2021-25043
The WOOCS WordPress plugin prior to 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
Pluginus Woocommerce Currency Switcher
6.5
CVSSv3
CVE-2019-18668
An issue exists in the Currency Switcher addon prior to 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default curre...
Wpwham Currency Switcher For Woocommerce
4.8
CVSSv3
CVE-2022-2575
The WBW Currency Switcher for WooCommerce WordPress plugin prior to 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...
Woobewoo Wbw Currency Switcher For Woocommerce
8.8
CVSSv3
CVE-2023-49834
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a up to and including 1.4.1.4.
Pluginus Fox - Currency Switcher Professional For Woocommerce
5.4
CVSSv3
CVE-2023-6556
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible f...
Pluginus Fox - Currency Switcher Professional For Woocommerce
5.4
CVSSv3
CVE-2022-4431
The WOOCS WordPress plugin prior to 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against ...
Pluginus Fox - Currency Switcher Professional For Woocommerce
8.8
CVSSv3
CVE-2021-24566
The WooCommerce Currency Switcher FOX WordPress plugin prior to 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
Pluginus Fox - Currency Switcher Professional For Woocommerce
NA
CVE-2024-30458
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher.This issue affects WOOCS – WooCommerce Currency Switcher: from n/a up to and including 1.4.1.7.
6.5
CVSSv3
CVE-2024-3734
The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated malicious users to execute arbitrary shortcodes. The severity and exploitabi...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started