Description
WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional version 1.3.6.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.7 or latest
References
https://mp.weixin.qq.com/s/2DqN3EsHqG24AjMy8scecA
https://jetpack.com/2021/07/22/severe-vulnerability-patched-in-woocommerce-currency-switcher/
https://plugins.svn.wordpress.org/woocommerce-currency-switcher/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.35)
Ruby on Rails Inefficient Regular Expression Complexity Vulnerability (CVE-2023-22792)
WordPress Plugin WP Hardening-Fix Your WordPress Security Cross-Site Scripting (1.2.1)
MySQL CVE-2014-2438 Vulnerability (CVE-2014-2438)
Nginx Uncontrolled Resource Consumption Vulnerability (CVE-2018-16843)