cleantalk
Vulnerabilities and Security Researches

WPCS – WordPress Currency Switcher Professional, CVE-2023-2558

CVE, Research URL

CVE-2023-2558

Home page URL

Security reports for WPCS – WordPress Currency Switcher Professional

Application

WPCS – WordPress Currency Switcher Professional

Published on
Jun 09, 2023
Research Description
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.2.0.
Status
vulnerable
Previous vulnerability researches
Currency Switcher for WordPress (437bcc5c6d7873eae354597a677a1115a2e199dd) , Jun 06, 2024
WPCS – WordPress Currency Switcher Professional (CVE-2024-38700) , Jul 14, 2024
WPCS – WordPress Currency Switcher Professional (CVE-2025-2169) , Mar 11, 2025
WPCS – WordPress Currency Switcher Professional (CVE-2021-20780) , Jun 07, 2024
WPCS – WordPress Currency Switcher Professional (CVE-2023-2556) , Jun 07, 2024
New vulnerability
WP Last Modified (CVE-2025-28907) , Mar 13, 2025
Lunar – Sell photos online (CVE-2025-28936) , Mar 13, 2025
Skrill Official (CVE-2025-28876) , Mar 13, 2025
WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins (CVE-2025-2250) , Mar 13, 2025
All-in-One WP Migration (CVE-2024-10942) , Mar 13, 2025