CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0...

6.5CVSS6.7AI score0.00169EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 9:45 p.m.•6 views

CVE-2022-46796

Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25...

6.5CVSS8AI score0.00107EPSS

Exploits0References1

RedhatCVE•added 2025/05/18 4:4 p.m.•17 views

CVE-2025-47563

Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CURCY: from n/a through = 2.3.7...

5.3CVSS7.2AI score0.0023EPSS

Exploits0References1

NVD•added 2025/05/16 4:15 p.m.•15 views

CVE-2025-47563

5.3CVSS0.0023EPSS

Exploits0References1

CVE•added 2025/05/16 3:45 p.m.•24 views

CVE-2025-47563

CVE-2025-47563 (WordPress CURCY plugin) : The CURCY plugin (Villatheme) versions ≤ 2.3.7 suffer a Missing Authorization vulnerability that enables accessing functionality not properly constrained by ACLs, enabling Arbitrary Shortcode Execution. The CVE entry explicitly labels this as an authoriza...

5.3CVSS7.2AI score0.0023EPSS

Exploits0References1

Cvelist•added 2025/05/16 3:45 p.m.•15 views

CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability

5.3CVSS0.0023EPSS

Exploits0References1

Vulnrichment•added 2025/05/16 3:45 p.m.•9 views

CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7...

5.3CVSS6.9AI score0.0023EPSS

Exploits0References1

Patchstack•added 2025/05/16 12:46 p.m.•5 views

WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin CURCY versions = 2.3.7...

5.3CVSS8.4AI score0.0023EPSS

Exploits0Affected Software1

Positive Technologies•added 2025/05/16 12:0 a.m.•3 views

PT-2025-21711 · Unknown · Villatheme Curcy

Name of the Vulnerable Software and Affected Versions: villatheme CURCY versions 2.3.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions 2.3.7 and earlier,...

5.3CVSS6AI score0.0023EPSS

Exploits0References3

CNNVD•added 2025/05/16 12:0 a.m.•3 views

WordPress plugin CURCY 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.3AI score0.0023EPSS

Exploits0References3

NVD•added 2025/03/07 7:15 a.m.•6 views

CVE-2024-13320

The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wcfilterpricemetawhere' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

7.5CVSS0.00143EPSS

Exploits0References2

Vulnrichment•added 2025/03/07 6:40 a.m.•7 views

CVE-2024-13320 CURCY - WooCommerce Multi Currency - Currency Switcher <= 2.3.6 - Unauthenticated SQL Injection

7.5CVSS7.8AI score0.00143EPSS

Exploits0References2

Cvelist•added 2025/03/07 6:40 a.m.•10 views

CVE-2024-13320 CURCY - WooCommerce Multi Currency - Currency Switcher <= 2.3.6 - Unauthenticated SQL Injection

7.5CVSS0.00143EPSS

Exploits0References2

CNNVD•added 2025/03/07 12:0 a.m.•1 views

WordPress plugin CURCY - WooCommerce Multi Currency - Currency Switcher SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin CURCY - WooCommerce Multi Currency...

7.5CVSS9.2AI score0.00143EPSS

Exploits0References4

Patchstack•added 2025/03/06 10:18 p.m.•2 views

WordPress CURCY - WooCommerce Multi Currency - Currency Switcher plugin <= 2.3.6 - Unauthenticated SQL Injection vulnerability

WordPress CURCY - WooCommerce Multi Currency - Currency Switcher plugin = 2.3.6 - Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin CURCY versions = 2.3.6...

7.5CVSS8.1AI score0.00143EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by