Lucene search
K

27 matches found

NVD
NVD
added 2026/05/28 5:16 a.m.20 views

CVE-2026-9241

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...

4.3CVSS0.00213EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/28 3:27 a.m.9 views

CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...

4.3CVSS5.7AI score0.00213EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 3:27 a.m.35 views

CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...

4.3CVSS0.00213EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-53742

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.00254EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/10 5:57 p.m.5 views

WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WPCS versions = 1.2.0.4...

7.3CVSS7.1AI score0.00503EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-27485 · Woocommerce · Fox – Currency Switcher Professional

Name of the Vulnerable Software and Affected Versions: The FOX – Currency Switcher Professional for WooCommerce plugin versions up to, and including, 1.4.1.8 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability of this issue depe...

6.5CVSS8AI score0.01032EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/29 1:7 p.m.32 views

CVE-2024-30456 WordPress WPCS – WordPress Currency Switcher Professional plugin <=1.2.0.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1...

4.3CVSS5AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.4 views

WordPress Plugin WordPress Currency Switcher Professional 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WordPress Currency Switche...

8.8CVSS8.1AI score0.00241EPSS
Exploits0References2
NVD
NVD
added 2024/02/01 12:15 p.m.26 views

CVE-2023-51506

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0...

5.5CVSS5.5AI score0.00275EPSS
Exploits0References1
Prion
Prion
added 2024/02/01 12:15 p.m.16 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0...

4.9CVSS6.9AI score0.00275EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/01 11:22 a.m.86 views

CVE-2023-51506

CVE-2023-51506 affects WPCS – WordPress Currency Switcher Professional (Authenticated: Contributor+). It is a Stored Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. Affected product/version: WPCS Professional up to and including 1.2.0. Impact...

5.5CVSS6.7AI score0.00275EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.5 views

PT-2024-14162 · WordPress · Wpcs – Wordpress Currency Switcher Professional

Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional versions 1.2.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This mea...

5.5CVSS6.1AI score0.00275EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/01/11 8:32 a.m.2 views

CVE-2023-6556 FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS6.1AI score0.00416EPSS
Exploits0References4
OSV
OSV
added 2023/12/17 11:15 a.m.7 views

CVE-2023-49834

Cross-Site Request Forgery CSRF vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4...

8.8CVSS5.8AI score0.00254EPSS
Exploits0References1
Prion
Prion
added 2023/12/17 11:15 a.m.16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4...

6.8CVSS7.2AI score0.00254EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/17 10:38 a.m.55 views

CVE-2023-49834

CVE-2023-49834 is a CSRF vulnerability in the FOX – Currency Switcher Professional for WooCommerce (WOODS WOOCS) plugin. Affected versions are up to 1.4.1.4. The issue allows unauthenticated CSRF actions via the delete_profiles_data function, enabling an attacker to delete a user’s currency switc...

8.8CVSS8.5AI score0.00254EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/06/09 6:16 a.m.2 views

CVE-2023-2558

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcscurrentcurrency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4CVSS6.8AI score0.00365EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.3 views

CVE-2023-2557

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.8AI score0.00409EPSS
Exploits0References3
OSV
OSV
added 2023/06/09 6:16 a.m.5 views

CVE-2023-2557

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.7AI score0.00409EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.2 views

CVE-2023-2555

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.8AI score0.00434EPSS
Exploits0References3
Rows per page
Query Builder