Vulnerabilities and Security Researches

Security report for CVE CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce > CVE-2024-13487

CVE, Research URL: CVE-2024-13487
Home page URL: Security reports for CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce
Application: CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce
Published on: Feb 06, 2025
Research Description: The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions: Min -, max 2.2.6.
Status: vulnerable