Currency Switcher For Woocommerce
by WordPress
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-24566 | Hig | 0.57 | 8.8 | 0.01 | Jan 16, 2024 | The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode. | ||
| CVE-2026-39497 | Hig | 0.49 | 7.6 | 0.00 | Apr 8, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from n/a through <= 1.4.5. | ||
| CVE-2025-30857 | Hig | 0.46 | 7.1 | 0.00 | Mar 27, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce currency-switcher-for-woocommerce allows Stored XSS.This issue affects Currency Switcher for WooCommerce: from n/a through <= 0.0.7. | ||
| CVE-2019-18668 | Med | 0.42 | 6.5 | 0.02 | Nov 2, 2019 | An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the… | ||
| CVE-2026-32410 | Med | 0.34 | 5.3 | 0.00 | Mar 13, 2026 | Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5. | ||
| CVE-2022-2575 | Med | 0.31 | 4.8 | 0.00 | Sep 16, 2022 | The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed… |
- risk 0.57cvss 8.8epss 0.01
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from n/a through <= 1.4.5.
- risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce currency-switcher-for-woocommerce allows Stored XSS.This issue affects Currency Switcher for WooCommerce: from n/a through <= 0.0.7.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the…
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5.
- risk 0.31cvss 4.8epss 0.00
The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed…