571 matches found
CVE-2026-9241
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
CVE-2026-6456
The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the rememberLogin REST API endpoint using a loose comparison != instead of !== for secret validation at app/RestAPI.php:111, combined with no validation that...
CVE-2026-42733
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...
CVE-2026-9241
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
EUVD-2026-32703
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
CVE-2026-9241
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
WordPress plugin FOX – Currency Switcher Professional for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-44181
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the get value function in classes/fixed/fixed user role.php trusting the attacker-controlled $...
WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass vulnerability
Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Long Lagon in WordPress Plugin FOX versions = 1.4.6...
CVE-2026-42733
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...
EUVD-2026-32184
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...
CVE-2026-42733 WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...
CVE-2026-42733 WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...
CVE-2026-42733
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...
PT-2026-43645
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...
WordPress Account Switcher plugin <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation vulnerability
Authenticated Subscriber+ Authentication Bypass to Privilege Escalation vulnerability discovered by Ren Voza in WordPress Plugin Account Switcher versions = 1.0.2...
Astra Linux - уязвимость в chromium
Before version 101.0.4951.41, using the Browser Switcher in Google Chrome allowed a remote attacker to potentially exploit heap corruption by using a crafted HTML page, as long as that attacker could convince a user to perform certain user interactions...
Astra Linux - уязвимость в chromium
Insufficient data validation in the Browser Switcher component of Google Chrome prior to version 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Chromium security severity: Medium...