Description
WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional version 1.3.6.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.7 or latest
References
https://mp.weixin.qq.com/s/2DqN3EsHqG24AjMy8scecA
https://jetpack.com/2021/07/22/severe-vulnerability-patched-in-woocommerce-currency-switcher/
https://plugins.svn.wordpress.org/woocommerce-currency-switcher/trunk/readme.txt
Related Vulnerabilities
Apache Tomcat CVE-2016-6794 Vulnerability (CVE-2016-6794)
WordPress Plugin WP Product Review Lite Cross-Site Scripting (3.7.5)
WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)
MongoDb Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-20326)