CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added last week•4 views

EUVD-2026-32703

Vulnrichment•added last week•4 views

CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter

Cvelist•added last week•23 views

CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter

4.3CVSS0.00032EPSS

ATTACKERKB•added last week•5 views

CVE-2026-9241

CNNVD•added 2026/05/28 12:0 a.m.•5 views

Exploits0References6

WordPress plugin FOX – Currency Switcher Professional for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00032EPSS

Positive Technologies•added 2026/05/28 12:0 a.m.•3 views

PT-2026-44181

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the get value function in classes/fixed/fixed user role.php trusting the attacker-controlled $...

Patchstack•added 2026/05/27 2:49 p.m.•3 views

Exploits0References6

WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass vulnerability

Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Long Lagon in WordPress Plugin FOX versions = 1.4.6...

4.3CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/27 11:16 a.m.•11 views

CVE-2026-42733

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...

7.1CVSS0.00036EPSS

Vulnrichment•added 2026/05/27 9:49 a.m.•5 views

CVE-2026-42733 WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

EUVD•added 2026/05/27 9:49 a.m.•8 views

EUVD-2026-32184

Cvelist•added 2026/05/27 9:49 a.m.•23 views

CVE-2026-42733 WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00036EPSS

ATTACKERKB•added 2026/05/27 9:49 a.m.•4 views

CVE-2026-42733

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

Exploits0References2

PT-2026-43645

NVD•added 2026/05/15 7:16 a.m.•6 views

Exploits0References2

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS0.00042EPSS

Exploits0References4

Vulnrichment•added 2026/05/15 6:45 a.m.•6 views

CVE-2026-4094 FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion

8.1CVSS5.7AI score0.00042EPSS

Exploits0References4

CVE•added 2026/05/15 6:45 a.m.•8 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce WordPress plugin (versions up to and including 1.4.5) is affected by an unauthorized data-loss vulnerability due to a missing capability check on the admin_head function, enabling authenticated attackers with Contributor-level access (and s...

8.1CVSS5.7AI score0.00042EPSS

Exploits0References4

ATTACKERKB•added 2026/05/15 6:45 a.m.•3 views

CVE-2026-4094

8.1CVSS5.7AI score0.00042EPSS