cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10640,https://securityvulnerability.io/vulnerability/CVE-2024-10640,Arbitrary Short Code Execution Vulnerability in Currency Switcher Professional for WooCommerce,"The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress suffers from a vulnerability that allows for arbitrary shortcode execution. This issue affects all versions up to and including 1.4.2.2. The vulnerability arises when the software permits users to execute an action without appropriately validating the input value prior to invoking the do_shortcode function. As a result, attackers, who do not require authentication, are able to exploit this flaw to execute arbitrary shortcodes, potentially compromising the security and functionality of affected WordPress sites.",Wordpress,Fox – Currency Switcher Professional For WooCommerce,7.3,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-09T11:19:44.210Z,0
CVE-2024-8271,https://securityvulnerability.io/vulnerability/CVE-2024-8271,Unauthenticated Arbitrary Shortcode Execution Vulnerability in Currency Switcher Professional for WooCommerce plugin,"The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress has a vulnerability that allows unauthenticated users to execute arbitrary shortcodes. This issue arises because the 'woocs_get_custom_price_html' function does not adequately validate input values before processing them through the do_shortcode functionality. As a result, attackers can exploit this weakness in any version up to and including 1.4.2.1, potentially leading to unauthorized actions and security breaches.",Wordpress,Fox - Currency Switcher Professional For WooCommerce,7.3,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-14T03:15:00.000Z,0
CVE-2023-6556,https://securityvulnerability.io/vulnerability/CVE-2023-6556,Stored Cross-Site Scripting Vulnerability in FOX Currency Switcher Professional for WooCommerce,"The FOX – Currency Switcher Professional for WooCommerce plugin features a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping for currency options. This flaw allows authenticated attackers, with subscriber-level or higher access, to inject malicious web scripts. As a result, these scripts execute whenever a user loads an affected page, posing considerable risk to site integrity and user safety.",Wordpress,FOX – Currency Switcher Professional for WooCommerce,5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-01-11T08:32:45.695Z,0