Description
WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional version 1.3.6.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.7 or latest
References
https://mp.weixin.qq.com/s/2DqN3EsHqG24AjMy8scecA
https://jetpack.com/2021/07/22/severe-vulnerability-patched-in-woocommerce-currency-switcher/
https://plugins.svn.wordpress.org/woocommerce-currency-switcher/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)
WordPress Plugin WordPress Filter Gallery Cross-Site Scripting (0.1.5)
WordPress Plugin Dialog Contact Form Cross-Site Scripting (1.2.0)
WordPress Plugin Easy FancyBox Cross-Site Scripting (1.8.17)
Apache Tomcat Data Processing Errors Vulnerability (CVE-2014-0227)