Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 8.x 2.2.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: October 15, 2024

The CURCY plugin for WordPress has a security issue that allows hackers to inject harmful code onto a website. This vulnerability affects versions up to 2.2.3 and is caused by not properly cleaning up user input and output. Attackers who are not logged in can exploit this vulnerability by tricking a user into clicking on a link, allowing the injected code to execute.

Detected in:

CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x fixed vulnerable versions:
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 8.x fixed vulnerable versions:
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.