cleantalk
Vulnerabilities and Security Researches

WPCS – WordPress Currency Switcher Professional, CVE-2023-2556

CVE, Research URL

CVE-2023-2556

Home page URL

Security reports for WPCS – WordPress Currency Switcher Professional

Application

WPCS – WordPress Currency Switcher Professional

Published on
Jun 09, 2023
Research Description
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher.
Affected versions
Min -, max 1.2.0.
Status
vulnerable
Previous vulnerability researches
Currency Switcher for WordPress (437bcc5c6d7873eae354597a677a1115a2e199dd) , Jun 06, 2024
WPCS – WordPress Currency Switcher Professional (CVE-2024-38700) , Jul 14, 2024
WPCS – WordPress Currency Switcher Professional (CVE-2025-2169) , Mar 11, 2025
WPCS – WordPress Currency Switcher Professional (CVE-2021-20780) , Jun 07, 2024
WPCS – WordPress Currency Switcher Professional (CVE-2023-2556) , Jun 07, 2024
New vulnerability
WP Last Modified (CVE-2025-28907) , Mar 13, 2025
Lunar – Sell photos online (CVE-2025-28936) , Mar 13, 2025
Skrill Official (CVE-2025-28876) , Mar 13, 2025
WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins (CVE-2025-2250) , Mar 13, 2025
All-in-One WP Migration (CVE-2024-10942) , Mar 13, 2025