Security reports for woo-multi-currency

Security reports for woo-multi-currency
CVE/PSC	Application	Date	Affected versions	Description
	Actual on: Feb 08, 2025, 21:02:10
	Entries count: 6
CVE-2024-13487	CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce vulnerable	Feb 07, 2025, 13:02:10	Min - Max 2.2.6	The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVE-2023-50831	CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce vulnerable	Jun 07, 2024, 03:06:51	Min - Max 2.2.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.
13a77f16b58689b0bbcfc4a5b6e7e10c7456b2ab	CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce vulnerable	Jun 07, 2024, 03:06:51	Min - Max 2.1.26	CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 8.x [woo-multi-currency] < 2.1.26 WordPress CURCY plugin <= 2.1.17 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress CURCY plugin (versions <= 2.1.17). Update the WordPress CURCY plugin to the latest available version (at least 2.1.18).
CVE-2021-4376	CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce vulnerable	Jun 07, 2024, 03:06:51	Min - Max 2.1.18	The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.
CVE-2022-46796	CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce vulnerable	Jun 10, 2024, 12:06:28	Min - Max 2.1.26	Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25.
CVE-2024-49283	CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce vulnerable	Oct 19, 2024, 04:10:00	Min - Max 2.2.3	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme CURCY allows Reflected XSS.This issue affects CURCY: from n/a through 2.2.3.

CVE-2024-13487

CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce

vulnerable

Feb 07, 2025, 13:02:10

Min -

Max 2.2.6

The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVE-2023-50831

CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce

vulnerable

Jun 07, 2024, 03:06:51

Min -

Max 2.2.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.

13a77f16b58689b0bbcfc4a5b6e7e10c7456b2ab

CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce

vulnerable

Jun 07, 2024, 03:06:51

Min -

Max 2.1.26

CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 8.x [woo-multi-currency] < 2.1.26 WordPress CURCY plugin <= 2.1.17 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress CURCY plugin (versions <= 2.1.17). Update the WordPress CURCY plugin to the latest available version (at least 2.1.18).

CVE-2021-4376

CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce

vulnerable

Jun 07, 2024, 03:06:51

Min -

Max 2.1.18

The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.

CVE-2022-46796

CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce

vulnerable

Jun 10, 2024, 12:06:28

Min -

Max 2.1.26

Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25.

CVE-2024-49283

CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce

vulnerable

Oct 19, 2024, 04:10:00

Min -

Max 2.2.3

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme CURCY allows Reflected XSS.This issue affects CURCY: from n/a through 2.2.3.