cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-51506,https://securityvulnerability.io/vulnerability/CVE-2023-51506,WordPress WPCS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS),"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0.

",Wordpress,WPcs – WordPress Currency Switcher Professional,5.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-01T11:22:37.700Z,0
CVE-2023-2557,https://securityvulnerability.io/vulnerability/CVE-2023-2557,Unauthorized Data Modification in WPCS WordPress Currency Switcher Plugin,"The WPCS – WordPress Currency Switcher Professional plugin presents a critical vulnerability due to inadequate capability checks in its save function. This flaw affects versions up to and including 1.1.9, allowing authenticated attackers with subscriber-level permissions or higher to manipulate arbitrary custom drop-down currency switchers. As a result, unauthorized users can alter data within the plugin, posing a significant risk to site integrity.",Wordpress,WPCS – WordPress Currency Switcher Professional,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0
CVE-2023-2555,https://securityvulnerability.io/vulnerability/CVE-2023-2555,Unauthorized Data Modification in WordPress Currency Switcher Plugin,"The WPCS - WordPress Currency Switcher Professional plugin is susceptible to unauthorized data modifications due to a missing capability check in its create function. This vulnerability affects versions up to and including 1.1.9, allowing authenticated users with subscriber-level permissions or higher to manipulate data by creating a custom currency switcher. This could lead to security breaches and impact user transactions, making it crucial for site administrators to apply updates and enhance their security protocols.",Wordpress,WPCS – WordPress Currency Switcher Professional,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0
CVE-2023-2556,https://securityvulnerability.io/vulnerability/CVE-2023-2556,Unauthorized Data Modification in WordPress Currency Switcher by WPCS,"The WPCS (WordPress Currency Switcher Professional) plugin has a vulnerability that allows authenticated users, including those with subscriber-level permissions, to exploit a missing capability check. This weakness pertains to the handling of the wpcs_sd_delete action, potentially enabling these users to delete arbitrary custom currency switchers. As a result, this vulnerability poses a risk to site integrity and could disrupt the currency selection functionality on affected sites.",Wordpress,WPCS – WordPress Currency Switcher Professional,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0
CVE-2023-2558,https://securityvulnerability.io/vulnerability/CVE-2023-2558,Stored Cross-Site Scripting Vulnerability in WordPress Currency Switcher Plugin by WPCS,The WPCS Currency Switcher Professional plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (XSS) attack. This vulnerability arises from insufficient input sanitization and output escaping in the plugin's wpcs_current_currency shortcode. Authenticated attackers with contributor-level permissions or higher can inject malicious scripts that execute whenever a user accesses the compromised pages. It is crucial for site administrators to update to the latest version or apply necessary mitigations to protect against these attacks.,Wordpress,WPcs – WordPress Currency Switcher Professional,6.4,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0