Vulnerabilities and security researches forwoo-multi-currency woo-multi-currency
Direction: ascendingJun 07, 2024
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2023-50831
- CVE, Research URL
- Date
- Dec 21, 2023
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.
- Affected versions
-
max 2.2.1.
- Status
-
vulnerable
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # 13a77f16b58689b0bbcfc4a5b6e7e10c7456b2ab
- CVE, Research URL
- Date
- May 31, 2022
- Research Description
- CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x [woo-multi-currency] < 2.1.18 WordPress CURCY plugin <= 2.1.17 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress CURCY plugin (versions <= 2.1.17). Update the WordPress CURCY plugin to the latest available version (at least 2.1.18).
- Affected versions
-
max 2.1.18.
- Status
-
vulnerable
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2021-4376
- CVE, Research URL
- Date
- Jun 07, 2023
- Research Description
- The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.
- Affected versions
-
max 2.1.18.
- Status
-
vulnerable
Jun 10, 2024
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2022-46796
- CVE, Research URL
- Date
- Dec 13, 2024
- Research Description
- Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25.
- Affected versions
-
max 2.1.26.
- Status
-
vulnerable
Oct 19, 2024
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2024-49283
- CVE, Research URL
- Date
- Oct 18, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY woo-multi-currency allows Reflected XSS.This issue affects CURCY: from n/a through <= 2.2.3.
- Affected versions
-
max 2.2.4.
- Status
-
vulnerable
Feb 07, 2025
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2024-13487
- CVE, Research URL
- Date
- Feb 06, 2025
- Research Description
- The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
- Affected versions
-
max 2.2.6.
- Status
-
vulnerable
Jun 15, 2026
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # eb9cbd4445dbdb71d87e267cad23356103e29c9d
- CVE, Research URL
- Date
- Sep 13, 2021
- Research Description
- CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x [woo-multi-currency] < 2.1.18 WooCommerce Multi Currency <= 2.1.17 - Missing Authorization The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.
- Affected versions
-
max 2.1.18.
- Status
-
vulnerable
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # dae772a05310ee3d58f3f6291e86b9537bba958c
- CVE, Research URL
- Date
- May 31, 2022
- Research Description
- CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x [woo-multi-currency] < 2.1.18 CURCY <= 2.1.17 - Reflected Cross-Site Scripting The CURCY plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in versions up to, and including, 2.1.17. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 2.1.18.
- Status
-
vulnerable
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # 6ebafb52-e167-40bc-a86c-b9840b2b9b37
- CVE, Research URL
- Date
- -
- Research Description
- CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x [woo-multi-currency] < 2.1.18 CURCY < 2.1.18 - Reflected Cross-Site Scripting The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting
- Affected versions
-
max 2.1.18.
- Status
-
vulnerable
Jul 04, 2026
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2026-11778
- CVE, Research URL
- Date
- Jul 03, 2026
- Research Description
- The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
- Affected versions
-
max 2.2.15.
- Status
-
vulnerable