CVE-2021-24938
The CVE-2021-24938 vulnerability affects the WordPress WOOCS (WooCommerce Currency Switcher) plugin prior to 1.3.7.1. The issue arises because the plugin does not sanitise or escape the key parameter of the woocs_update_profiles_data AJAX action (accessible to authenticated users) before echoing ...