Vulnerabilities and security researches foradvanced-currency-switcher advanced-currency-switcher

Jun 06, 2024

CVE, Research URL: 437bcc5c6d7873eae354597a677a1115a2e199dd
Home page URL: Security reports for Currency Switcher for WordPress
Application: Currency Switcher for WordPress
Date: Jun 03, 2022
Research Description: Currency Switcher for WordPress [advanced-currency-switcher] < 1.0.4 Currency Switcher for WordPress <= 1.0.3 - Reflected Cross-Site Scripting The Currency Switcher for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable