WordPress FX Currency Converter plugin cross-site scripting vulnerability

WordPress FX Currency Converter plugin is a plugin for WordPress websites designed to provide currency conversion functionality that allows users to perform real-time exchange rate calculations between different currencies. The WordPress FX Currency Converter plugin suffers from a cross-site...

CVE-2025-13963 FX Currency Converter <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The FX Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fxccconvert' shortcode in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-6257

The Euro FxRef Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currency shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-28747

Cross-Site Request Forgery CSRF vulnerability in codeboxr CBX Currency Converter plugin = 3.0.3 versions...

PT-2023-21933 · Unknown · Cbx Currency Converter

Name of the Vulnerable Software and Affected Versions: CBX Currency Converter plugin versions = 3.0.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application...

CVE-2015-10115

CVE-2015-10115 affects WooSidebars Sidebar Manager Converter Plugin for WordPress up to version 1.1.1, specifically the process_request function in classes/class-woosidebars-sbm-converter.php. The vulnerability allows an open redirect and can be triggered remotely. The issue is fixed by upgrading...

Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0

Impact The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintex...

Rundeck 安全漏洞

Rundeck is an open source automation service with a Web console, command line tools and WebAPI from Rundeck, Inc. that is primarily used to run automation tasks. versions 4.2.0 and 4.2.1 of Rundeck contain a plaintext storage vulnerability that stems from not properly enabling the Key Storage...

CVE-2015-5065

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...