Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in CURCY – Multi Currency for WooCommerce 2.2.0

  • Severity: medium-risk
  • Status: Open
  • Publication: December 19, 2023

The CURCY – Multi Currency for WooCommerce plugin for WordPress is vulnerable to a type of security issue called Stored Cross-Site Scripting. This issue affects all versions of the plugin up to 2.2.0. This type of security issue is caused by the plugin not properly checking user input before it is stored or used, and not properly ‘escaping’ output. This means that an attacker with access to the plugin could inject malicious code into the plugin that would execute when a user visits a page with the injected code.

Detected in:

CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x fixed vulnerable versions:
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 8.x fixed vulnerable versions:
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x fixed vulnerable versions:
CURCY – Multi Currency for WooCommerce open vulnerable versions: >= * <= 0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.