Lucene search

WPScanCVE-2021-24566

HistoryJan 16, 2024 - 4:15 p.m.

CVE-2021-24566

2024-01-1616:15:09

WPScan

web.nvd.nist.gov

woocommerce

currency switcher

fox

plugin

1.3.7

lfi

vulnerability

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the “woocs” shortcode.

Affected configurations

Nvd

Vulners

Node

pluginusfox_-_currency_switcher_professional_for_woocommerceRange<1.3.7wordpress

VendorProductVersionCPE
pluginusfox_-_currency_switcher_professional_for_woocommerce*cpe:2.3:a:pluginus:fox_-_currency_switcher_professional_for_woocommerce:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
pluginus	fox_-_currency_switcher_professional_for_woocommerce	*	cpe:2.3:a:pluginus:fox_-_currency_switcher_professional_for_woocommerce::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "FOX",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.3.7"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

jetpack.com/2021/07/22/severe-vulnerability-patched-in-woocommerce-currency-switcher/

wpscan.com/vulnerability/a0bc4b13-53fe-462d-8306-8915196d3a5a/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

Related for CVE-2021-24566