Description
WordPress Plugin Currency Switcher for WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently do conversions in currencies that aren't enabled in settings. WordPress Plugin Currency Switcher for WooCommerce version 2.11.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.11.2 or latest
References
https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61
https://plugins.svn.wordpress.org/currency-switcher-woocommerce/trunk/readme.txt
Related Vulnerabilities
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)
WordPress Plugin Blog Designer Cross-Site Scripting (1.8.11)
Oracle Database Server CVE-2011-0799 Vulnerability (CVE-2011-0799)
Django CVE-2014-1418 Vulnerability (CVE-2014-1418)
WordPress Plugin RSS Feed Widget Cross-Site Scripting (2.8.0)