Vulnerabilities and security researches for woo-multi-currency
Direction: descendingFeb 07, 2025
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2024-13487
- CVE, Research URL
- Date
- Feb 06, 2025
- Research Description
- The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Oct 19, 2024
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2024-49283
- CVE, Research URL
- Date
- Oct 18, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme CURCY allows Reflected XSS.This issue affects CURCY: from n/a through 2.2.3.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 10, 2024
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2022-46796
- CVE, Research URL
- Date
- Dec 13, 2024
- Research Description
- Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 07, 2024
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2023-50831
- CVE, Research URL
- Date
- Dec 21, 2023
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # 13a77f16b58689b0bbcfc4a5b6e7e10c7456b2ab
- CVE, Research URL
- Date
- May 31, 2022
- Research Description
- CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 8.x [woo-multi-currency] < 2.1.26 WordPress CURCY plugin <= 2.1.17 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress CURCY plugin (versions <= 2.1.17). Update the WordPress CURCY plugin to the latest available version (at least 2.1.18).
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce # CVE-2021-4376
- CVE, Research URL
- Date
- Jun 07, 2023
- Research Description
- The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable