GCVE - cpe:2.3:a:villatheme:curcy_–_multi_currency_for_woocommerce_–_smoothly_on_woocommerce

Approved changes feed: RSS · Atom

cpe:2.3:a:villatheme:curcy_–_multi_currency_for_woocommerce_–_smoothly_on_woocommerce_9.x:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Villatheme (`f6e46fcf-f7b5-547b-bdd5-2c693fe77a08`)
Product	Curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.X (`7c685b60-24db-5d6c-8151-863697b78f0a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-13487`	vulnerable	2026-06-03 14:54:24.768866	CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function HIGH (7.3) The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. Published: 2025-02-06T06:53:40.819Z Updated: 2026-06-03T14:25:41.033Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/d630dd85-0169-4582-a8ae-54e5053425ac?source=cve https://plugins.trac.wordpress.org/browser/woo-multi-currency/trunk/frontend/cache.php#L60 https://wordpress.org/plugins/woo-multi-currency/#developers https://plugins.trac.wordpress.org/changeset/3234505/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-4376`	vulnerable	2026-06-03 14:45:48.578190	WooCommerce Multi Currency <= 2.1.17 - Missing Authorization MEDIUM (4.3) The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value. Published: 2023-06-07T01:51:46.083Z Updated: 2026-04-08T17:26:55.408Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=cve https://wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61 https://wordpress.org/plugins/woo-multi-currency/#developers https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2734576%40woo-multi-currency&new=2734576%40woo-multi-currency&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.X

PURL mappings

Vulnerability references

Contribute