Medium severity4.3NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026
CVE-2021-4376
CVE-2021-4376
Description
The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:palscode:woocommerce_multi_currency:*:*:*:*:*:wordpress:*:*Range: <=2.1.17
- Range: <=2.1.17
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/changesetnvdPatch
- wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61nvdThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44c-1e362cc892a8nvdThird Party Advisory
- wordpress.org/plugins/woo-multi-currency/nvdProduct
News mentions
0No linked articles in our index yet.