Wordpress Currency Switcher Professional
Approved changes feed: RSS · Atom
cpe:2.3:a:pluginus:wordpress_currency_switcher_professional:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Pluginus (b2d4bfa9-c97b-5f60-91a9-fcfd90546f78) |
|---|---|
| Product | Wordpress Currency Switcher Professional (9fce7bed-841e-5424-a02c-bb66883e4660) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-2558 |
vulnerable | 2026-06-03 14:51:43.377633 |
WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
MEDIUM (6.4)
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-06-09T05:33:31.519Z
Updated: 2026-04-08T17:19:05.554Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2557 |
vulnerable | 2026-06-03 14:51:43.377260 |
WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing
MEDIUM (4.3)
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher.
Published: 2023-06-09T05:33:35.241Z
Updated: 2026-04-08T17:25:52.366Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2555 |
vulnerable | 2026-06-03 14:51:43.374677 |
WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation
MEDIUM (4.3)
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher.
Published: 2023-06-09T05:33:36.478Z
Updated: 2026-04-08T17:28:00.998Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.