VYPR

Woocommerce Multi Currency

by WordPress

CVEs (4)

  • CVE-2024-13320HigMar 7, 2025
    risk 0.49cvss 7.5epss 0.00

    The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2021-4379MedJun 7, 2023
    risk 0.42cvss 6.5epss 0.01

    The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2025-47563MedMay 16, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CURCY: from n/a through <= 2.3.7.

  • CVE-2021-4376MedJun 7, 2023
    risk 0.28cvss 4.3epss 0.01

    The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.