Vulnerabilities > CVE-2021-4376 - Missing Authorization vulnerability in Palscode Woocommerce Multi Currency

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

palscode

CWE-862

NVD

Published: 2023-06-07

Updated: 2023-11-07

Summary

The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.

Vulnerable Configurations

Part	Description	Count
Application	Palscode Palscode Woocommerce Multi Currency *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=cve
https://wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2734576%40woo-multi-currency&new=2734576%40woo-multi-currency&sfp_email=&sfph_mail=
https://wordpress.org/plugins/woo-multi-currency/#developers