Description

WordPress Plugin WOOCS-WooCommerce Currency Switcher. Professional and Free multi currency-Pay in selected currency is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WOOCS-WooCommerce Currency Switcher. Professional and Free multi currency-Pay in selected currency version 1.3.6.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.3.7 or latest

References

https://jetpack.com/2021/07/22/severe-vulnerability-patched-in-woocommerce-currency-switcher/

https://plugins.svn.wordpress.org/woocommerce-currency-switcher/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Shoppable Images Lite Multiple Vulnerabilities (1.0.0)

Joomla! Core 3.x.x Cross-Site Scripting (3.6.0 - 3.9.6)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder SQL Injection (1.14.2)

WordPress Plugin bbPress Security Bypass (2.6.3)

WordPress Plugin Complete Gallery Manager for WordPress Arbitrary File Upload (3.3.3)

Severity

High

Classification

CVE-2021-24566 CWE-98 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Tags

Missing Update File Inclusion