CVE-2025-2169

The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2025-2169

CVE-2025-2169 affects WPCS – WordPress Currency Switcher Professional (WordPress plugin) up to version 1.2.0.4. The issue arises from unvalidated input feeding do_shortcode, enabling unauthenticated attackers to execute arbitrary shortcodes. Connected sources confirm the vulnerability and indicat...

WordPress WPCS Plugin <= 1.2.0.3 is vulnerable to Content Injection

Software WPCS Type Plugin Vulnerable versions = 1.2.0.3 Fixed in 1.2.0.4 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-38700 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b3604018b32 Credits stealthcopter Required privilege Unauthenticat...

WPCS < 1.2.0.2 - Cross-Site Request Forgery

Description The WPCS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0.1. This is due to missing or incorrect nonce validation on the saveetalon function. This makes it possible for unauthenticated attackers to update the plugin's settings vi...

WordPress WPCS Plugin <= 1.2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WPCS Type Plugin Vulnerable versions = 1.2.0.1 Fixed in 1.2.0.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30456 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 88357d12cef3 Credits Dhabaleshwar Das Required...

CVE-2023-51506 WordPress WPCS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0...

CVE-2023-51506 WordPress WPCS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0...

WordPress plugin WPCS cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress WPCS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software WPCS Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51506 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 8263d2966a43 Credits Ngô Thiên An ancorn from VNPT-VCI Required...

CVE-2023-2557 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

WordPress WPCS Plugin <= 1.1.9 is vulnerable to Broken Access Control

Software WPCS Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2556 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 05cf802e36e5 Credits Alex Thomas Required privilege...

WordPress WPCS Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software WPCS Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2558 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d4269971d7d0 Credits Alex Thomas Required privileg...

WordPress WPCS plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Mizuki Takagi Cryptography Laboratory, Tokyo Denki University in WordPress WPCS plugin versions = 1.1.6. Solution Update the WordPress WPCS plugin to the latest available version at least 1.1.7...