Fox Currency Switcher Professional For Woocommerce
Approved changes feed: RSS · Atom
cpe:2.3:a:pluginus:fox_-_currency_switcher_professional_for_woocommerce:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Pluginus (b2d4bfa9-c97b-5f60-91a9-fcfd90546f78) |
|---|---|
| Product | Fox Currency Switcher Professional For Woocommerce (d587b1c4-97b8-57a3-977f-cb476eb6059c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-8271 |
vulnerable | 2026-06-03 14:58:17.651187 |
FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution
HIGH (7.3)
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode in the 'woocs_get_custom_price_html' function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Published: 2024-09-14T02:04:21.236Z
Updated: 2026-04-08T17:28:24.731Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3734 |
vulnerable | 2026-06-03 14:56:31.846149 |
FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution
MEDIUM (6.5)
The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide.
Published: 2024-05-02T16:52:03.882Z
Updated: 2026-04-08T16:51:09.984Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30458 |
vulnerable | 2026-06-03 14:55:38.367815 |
WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.1.7 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher.This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7.
Published: 2024-03-29T13:05:15.053Z
Updated: 2026-04-28T16:09:24.466Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-6556 |
vulnerable | 2026-06-03 14:53:52.133995 |
FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
MEDIUM (5.4)
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-01-11T08:32:45.695Z
Updated: 2026-04-08T17:06:05.531Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-49834 |
vulnerable | 2026-06-03 14:53:26.540420 |
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
MEDIUM (5.4)
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.
Published: 2023-12-17T10:38:49.072Z
Updated: 2026-04-28T16:08:58.315Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4431 |
vulnerable | 2026-06-03 14:48:35.695858 |
WOOCS < 1.3.9.4 - Contributor+ Stored XSS
The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Published: 2023-01-16T15:38:11.306Z
Updated: 2025-04-04T20:27:19.326Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24566 |
vulnerable | 2026-06-03 14:43:57.480355 |
WooCommerce Currency Switcher < 1.3.7 - Authenticated (Low Privilege) Local File Inclusion
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
Published: 2024-01-16T15:48:44.185Z
Updated: 2025-06-11T17:11:16.128Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.