cleantalk
Vulnerabilities and Security Researches

WPCS – WordPress Currency Switcher Professional, CVE-2025-2169

CVE, Research URL

CVE-2025-2169

Home page URL

Security reports for WPCS – WordPress Currency Switcher Professional

Application

WPCS – WordPress Currency Switcher Professional

Published on
Mar 11, 2025
Research Description
The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
Min -, max 1.2.0.5.
Status
vulnerable
Previous vulnerability researches
RomethemeKit For Elementor (CVE-2025-24743) , Jan 26, 2025
RomethemeKit For Elementor (CVE-2024-10324) , Jan 26, 2025
RomethemeKit For Elementor (CVE-2024-10326) , Mar 10, 2025
RomethemeKit For Elementor (CVE-2024-33919) , Jun 07, 2024
RomethemeKit For Elementor (CVE-2024-32956) , Jun 07, 2024
New vulnerability
Multiple Shipping And Billing Address For Woocommerce (CVE-2025-26875) , Mar 12, 2025
HUSKY – Products Filter for WooCommerce Professional (CVE-2025-1661) , Mar 12, 2025
Qubely – Advanced Gutenberg Blocks (CVE-2024-13228) , Mar 11, 2025
WPCS – WordPress Currency Switcher Professional (CVE-2025-2169) , Mar 11, 2025
RomethemeKit For Elementor (CVE-2024-10326) , Mar 10, 2025