Lucene search
K

6 matches found

CNVD
CNVD
added 2025/12/22 12:0 a.m.4 views

WordPress FX Currency Converter plugin cross-site scripting vulnerability

WordPress FX Currency Converter plugin is a plugin for WordPress websites designed to provide currency conversion functionality that allows users to perform real-time exchange rate calculations between different currencies. The WordPress FX Currency Converter plugin suffers from a cross-site...

6.4CVSS6.1AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/12 3:20 a.m.18 views

CVE-2025-13963 FX Currency Converter <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The FX Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fxccconvert' shortcode in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00188EPSS
Exploits0References4
NVD
NVD
added 2025/06/20 9:15 a.m.8 views

CVE-2025-6257

The Euro FxRef Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currency shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00225EPSS
Exploits0References4
OSV
OSV
added 2023/11/22 2:15 p.m.2 views

CVE-2023-28747

Cross-Site Request Forgery CSRF vulnerability in codeboxr CBX Currency Converter plugin = 3.0.3 versions...

8.8CVSS7.3AI score0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.4 views

PT-2023-21933 · Unknown · Cbx Currency Converter

Name of the Vulnerable Software and Affected Versions: CBX Currency Converter plugin versions = 3.0.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application...

8.8CVSS8.8AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2015/06/24 2:59 p.m.23 views

CVE-2015-5065

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...

5CVSS6.8AI score0.16324EPSS
Exploits1References5
Rows per page
Query Builder