Vulnerabilities > Pluginus > FOX Currency Switcher Professional FOR Woocommerce

DATE CVE VULNERABILITY TITLE RISK
2024-09-14 CVE-2024-8271 Code Injection vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1.
network
low complexity
pluginus CWE-94
7.3
7.3
2024-01-16 CVE-2021-24566 Unspecified vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
network
low complexity
pluginus
8.8
8.8
2024-01-11 CVE-2023-6556 Cross-site Scripting vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping.
network
low complexity
pluginus CWE-79
5.4
5.4
2023-12-17 CVE-2023-49834 Cross-Site Request Forgery (CSRF) vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.
network
low complexity
pluginus CWE-352
8.8
8.8
2023-01-16 CVE-2022-4431 Unspecified vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce
The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
network
low complexity
pluginus
5.4
5.4