Description

WordPress Plugin Currency Switcher for WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently do conversions in currencies that aren't enabled in settings. WordPress Plugin Currency Switcher for WooCommerce version 2.11.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.11.2 or latest

References

https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61

https://plugins.svn.wordpress.org/currency-switcher-woocommerce/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin ActiveHelper LiveHelp Live Chat Multiple Cross-Site Scripting Vulnerabilities (3.1.0)

XWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-32068)

Joomla! Core 1.0.x Unspecified Vulnerability (1.0.0 - 1.0.3)

IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2023-38371)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-0334)

Severity

High

Classification

CVE-2019-18668 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass