cleantalk
Vulnerabilities and Security Researches

Currency Switcher for WordPress, 437bcc5c6d7873eae354597a677a1115a2e199dd

CVE, Research URL

437bcc5c6d7873eae354597a677a1115a2e199dd

Home page URL

Security reports for Currency Switcher for WordPress

Application

Currency Switcher for WordPress

Published on
Jun 03, 2022
Research Description
Currency Switcher for WordPress [advanced-currency-switcher] < 1.0.4 Currency Switcher for WordPress <= 1.0.3 - Reflected Cross-Site Scripting The Currency Switcher for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 1.0.4.
Status
vulnerable
Previous vulnerability researches
Currency Switcher for WordPress (437bcc5c6d7873eae354597a677a1115a2e199dd) , Jun 06, 2024
Currency Switcher for WooCommerce (CVE-2025-30857) , Apr 02, 2025
WPCS &#8211; WordPress Currency Switcher Professional (CVE-2024-38700) , Jul 14, 2024
WPCS &#8211; WordPress Currency Switcher Professional (CVE-2025-2169) , Mar 11, 2025
WPCS &#8211; WordPress Currency Switcher Professional (CVE-2021-20780) , Jun 07, 2024
New vulnerability
Owl carousel responsive (CVE-2025-5590) , Jul 01, 2025
App Builder &#8211; Create Native Android &amp; iOS Apps On The Flight (CVE-2025-49989) , Jul 01, 2025
Sitekit (CVE-2025-50047) , Jul 01, 2025
Responsive Food and Drink Menu (CVE-2025-6378) , Jul 01, 2025
Flexo Counter (CVE-2025-50052) , Jul 01, 2025