Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44181

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the get value function in classes/fixed/fixed user role.php trusting the attacker-controlled $...

4.3CVSS5.7AI score0.00213EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/15 6:45 a.m.49 views

CVE-2026-4094 FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS0.00273EPSS
Exploits0References4
OSV
OSV
added 2024/09/14 3:15 a.m.6 views

CVE-2024-8271

The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3CVSS6.1AI score0.00737EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/17 12:0 a.m.6 views

PT-2023-31385 · Woocommerce · Fox – Currency Switcher Professional For Woocommerce

Name of the Vulnerable Software and Affected Versions: FOX – Currency Switcher Professional for WooCommerce versions 1.4.1.4 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, which can be exploited by an attacker to perform unintended actions on a user's...

8.8CVSS8.9AI score0.00254EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.3 views

CVE-2023-2558

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcscurrentcurrency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS7AI score0.00365EPSS
Exploits0References3
Rows per page
Query Builder