27 matches found
CVE-2026-9241
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
EUVD-2023-53742
Malicious code in bioql PyPI...
WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WPCS versions = 1.2.0.4...
PT-2024-27485 · Woocommerce · Fox – Currency Switcher Professional
Name of the Vulnerable Software and Affected Versions: The FOX – Currency Switcher Professional for WooCommerce plugin versions up to, and including, 1.4.1.8 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability of this issue depe...
CVE-2024-30456 WordPress WPCS – WordPress Currency Switcher Professional plugin <=1.2.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1...
WordPress Plugin WordPress Currency Switcher Professional 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WordPress Currency Switche...
CVE-2023-51506
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0...
CVE-2023-51506
CVE-2023-51506 affects WPCS – WordPress Currency Switcher Professional (Authenticated: Contributor+). It is a Stored Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. Affected product/version: WPCS Professional up to and including 1.2.0. Impact...
PT-2024-14162 · WordPress · Wpcs – Wordpress Currency Switcher Professional
Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional versions 1.2.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This mea...
CVE-2023-6556 FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2023-49834
Cross-Site Request Forgery CSRF vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4...
CVE-2023-49834
CVE-2023-49834 is a CSRF vulnerability in the FOX – Currency Switcher Professional for WooCommerce (WOODS WOOCS) plugin. Affected versions are up to 1.4.1.4. The issue allows unauthenticated CSRF actions via the delete_profiles_data function, enabling an attacker to delete a user’s currency switc...
CVE-2023-2558
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcscurrentcurrency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2023-2557
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-2557
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-2555
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...