Description
WordPress Plugin WOOCS-WooCommerce Currency Switcher. Professional and Free multi currency-Pay in selected currency is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WOOCS-WooCommerce Currency Switcher. Professional and Free multi currency-Pay in selected currency version 1.3.6.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.7 or latest
References
https://jetpack.com/2021/07/22/severe-vulnerability-patched-in-woocommerce-currency-switcher/
https://plugins.svn.wordpress.org/woocommerce-currency-switcher/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin WP-T-Wap Cross-Site Scripting (1.13.2)
WordPress Plugin Download Monitor Information Disclosure (1.6.3)
WordPress Plugin Gwolle Guestbook Cross-Site Scripting (2.5.3)
WordPress Plugin WP Fastest Cache Cross-Site Request Forgery (0.8.3.4)
WordPress Plugin YITH Maintenance Mode Cross-Site Scripting (1.3.7)