← Back

Fox Currency Switcher Professional For Woocommerce

fox_-_currency_switcher_professional_for_woocommerce

Vendor: Pluginus • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-8271
1Pluginus
1Fox Currency Switcher Professional For Woocommerce
Sep 27, 2024
Sep 14, 2024
N/A· v4
7.3 HIGH· v3
N/A· v2
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users t...Show more
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode in the 'woocs_get_custom_price_html' function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.Show less
CVE-2024-30458
1Pluginus
1Fox Currency Switcher Professional For Woocommerce
Apr 28, 2026
Mar 29, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher.This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7.
CVE-2021-24566
1Pluginus
1Fox Currency Switcher Professional For Woocommerce
Jun 11, 2025
Jan 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
CVE-2023-6556
1Pluginus
1Fox Currency Switcher Professional For Woocommerce
Apr 8, 2026
Jan 11, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sani...Show more
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-49834
1Pluginus
1Fox Currency Switcher Professional For Woocommerce
Apr 28, 2026
Dec 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.
CVE-2022-4431
1Pluginus
1Fox Currency Switcher Professional For Woocommerce
Apr 4, 2025
Jan 16, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored...Show more
The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Show less