WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting
WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does not sanitize and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the...
EUVD-2021-11850
Malware in sbrugna...
EUVD-2022-51776
Malicious code in bioql PyPI...
CVE-2022-4431
The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...
CVE-2022-0234
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2021-25043
The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24566
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode...
CVE-2021-24938
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.2.2 is vulnerable to Arbitrary Code Execution
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.2.2; Fixed in: 1.4.2.3; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-10640; Patch priority: Low; CVSS severity: Low 7.3; PSID: 9ec73d22667c; Credits: mikemyers...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.2.1 is vulnerable to Broken Access Control
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.2.1; Fixed in: 1.4.2.2; OWASP Top 10: A3: Injection; Classification: Broken Access Control; CVE: CVE-2024-8271; Patch priority: Medium; CVSS severity: Medium 7.3; PSID: 630dad8a94ec; Credits: Arkadiusz...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.2 is vulnerable to Broken Access Control
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.2.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43297; Patch priority: Low; CVSS severity: Low 4.3; PSID: 4fdc68645ff9; Credits: Anand...
WordPress WOOCS plugin <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin FOX versions <= 1.4.1.8...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.8 is vulnerable to Broken Access Control
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.1.8; Fixed in: 1.4.1.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3734; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: a6af6a35e8e2; Credit...
CVE-2024-30458
CVE-2024-30458 describes a Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher. Public record indicates the issue affects WOOCS versions from unspecified initial release up to 1.4.1.7. The connected Red Hat advisory corroborates the CSRF nature and ...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.1.7; Fixed in: 1.4.1.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-30458; Patch priority: Low; CVSS severity: Low 4.3; PSID: 38805bdd386d...
WordPress plugin WooCommerce Currency Switcher FOX path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plug-in. The WordPress plugin WooCommerce Currency...
PT-2024-10891 · WordPress · Currency Switcher For Woocommerce
Name of the Vulnerable Software and Affected Versions: WooCommerce Currency Switcher FOX WordPress plugin versions prior to 1.3.7
Description: The issue concerns a Local File Inclusion (LFI) vulnerability. LFI is a type of attack where an attacker can trick the application into exposing or running...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.1.6; Fixed in: 1.4.1.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6556; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 45d1f7361e75...