Vulnerabilities > CVE-2019-18668 - Improper Handling of Exceptional Conditions vulnerability in Wpwham Currency Switcher for Woocommerce
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://wordpress.org/plugins/currency-switcher-woocommerce/#developers
- https://wordpress.org/plugins/currency-switcher-woocommerce/#developers
- https://wpvulndb.com/vulnerabilities/9936
- https://wpvulndb.com/vulnerabilities/9936
- https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61
- https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61