6 matches found
CVE-2022-4431
The WOOCS WordPress plugin, prior to version 1.3.9.4, does not validate and escape certain shortcode attributes before output, enabling Stored Cross-Site Scripting that could affect high-privilege accounts (admins) when carried out by users with a role as low as contributor. Root cause: insufficient o...
CVE-2021-24566
CVE-2021-24566 affects the WooCommerce Currency Switcher FOX WordPress plugin prior to 1.3.7. The vulnerability is a Local File Inclusion (LFI) via the woocs shortcode that can be exploited to access files on the server. Some sources characterize exploitation as Authenticated (Low Privilege) LFI ...
CVE-2024-30458
CVE-2024-30458 describes a Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher. Public record indicates the issue affects WOOCS versions from an unspecified initial release up to 1.4.1.7. The connected Red Hat advisory corroborates the CSRF nature and ...
CVE-2023-6556
CVE-2023-6556 describes a Stored Cross-Site Scripting vulnerability in the FOX – Currency Switcher Professional for WooCommerce WordPress plugin. The flaw exists in all versions up to 1.4.1.5 due to insufficient input sanitization and output escaping in currency options, allowing authenticated us...
CVE-2024-8271
CVE-2024-8271 affects the WordPress plugin FOX – Currency Switcher Professional for WooCommerce. All versions up to and including 1.4.2.1 are vulnerable to unauthenticated arbitrary shortcode execution due to inadequate validation in the Woocs_get_custom_price_html function that allows running d...
CVE-2023-49834
CVE-2023-49834 is a CSRF vulnerability in the FOX – Currency Switcher Professional for WooCommerce (WOODS WOOCS) plugin. Affected versions are up to 1.4.1.4. The issue allows unauthenticated CSRF actions via the delete_profiles_data function, enabling an attacker to delete a user’s currency switc...