5 matches found
CVE-2022-4431
The WOOCS WordPress plugin, prior to version 1.3.9.4, does not validate and escape certain shortcode attributes before output, enabling Stored Cross-Site Scripting that could affect high-privilege accounts (admins) when exploited by users with a role as low as contributor. Root cause: insufficient o...
CVE-2021-24566
CVE-2021-24566 affects the WooCommerce Currency Switcher FOX WordPress plugin prior to 1.3.7. The vulnerability is a Local File Inclusion (LFI) via the woocs shortcode that can be exploited to access files on the server. Some sources characterize exploitation as Authenticated (Low Privilege) LFI ...
CVE-2024-30458
CVE-2024-30458 describes a Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher. Public record indicates the issue affects WOOCS versions from unspecified initial release up to 1.4.1.7. The connected Red Hat advisory corroborates the CSRF nature and ...
CVE-2024-8271
CVE-2024-8271 affects the WordPress plugin FOX – Currency Switcher Professional for WooCommerce. All versions up to and including 1.4.2.1 are vulnerable to unauthenticated arbitrary shortcode execution due to inadequate validation in the Woocs_get_custom_price_html function that allows running d...
CVE-2023-49834
CVE-2023-49834 is a CSRF vulnerability in the FOX – Currency Switcher Professional for WooCommerce (WOODS WOOCS) plugin. Affected versions are up to 1.4.1.4. The issue allows unauthenticated CSRF actions via the delete_profiles_data function, enabling an attacker to delete a user’s currency switc...