cleantalk
Vulnerabilities and Security Researches

Currency Switcher for WooCommerce, CVE-2019-18668

CVE, Research URL

CVE-2019-18668

Home page URL

Security reports for Currency Switcher for WooCommerce

Application

Currency Switcher for WooCommerce

Published on
Nov 02, 2019
Research Description
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.
Affected versions
max 2.11.2.
Status
vulnerable
Previous vulnerability researches
Currency Switcher for WooCommerce (CVE-2024-9217) , Mar 02, 2025
Currency Switcher for WooCommerce (CVE-2019-18668) , Jun 06, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026