Wordpress Currency Switcher
Approved changes feed: RSS · Atom
cpe:2.3:a:pluginus:wordpress_currency_switcher:*:*:*:*:professional:wordpress:*:*
part: a version: * update: *
| Vendor | Pluginus (b2d4bfa9-c97b-5f60-91a9-fcfd90546f78) |
|---|---|
| Product | Wordpress Currency Switcher (380f226f-d97c-5dd3-a249-c29a329e3106) |
| Edition | * |
| Language | * |
| Software edition | professional |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-30456 |
vulnerable | 2026-06-03 14:55:38.363745 |
WordPress WPCS – WordPress Currency Switcher Professional plugin <=1.2.0.1 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1.
Published: 2024-03-29T13:07:55.346Z
Updated: 2026-04-28T16:09:24.404Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51506 |
vulnerable | 2026-06-03 14:53:32.351084 |
WordPress WPCS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (5.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0.
Published: 2024-02-01T11:22:37.700Z
Updated: 2026-04-28T16:09:03.344Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2556 |
vulnerable | 2026-06-03 14:51:43.376759 |
WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion
MEDIUM (4.3)
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher.
Published: 2023-06-09T05:33:30.695Z
Updated: 2026-04-08T17:18:41.980Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.