Security Flaw in WooCommerce Currency Switcher Plugin by WordPress
CVE-2019-18668

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Currency Switcher For WooCommerce
Vendor
CVE Published:
2 November 2019

What is CVE-2019-18668?

A vulnerability exists in the Currency Switcher addon for WooCommerce where users can provide unauthorized currencies. When an invalid currency is submitted, the system defaults to a standard currency but could allow attackers to exploit this oversight. By selecting a non-existent currency with a value lower than the default, attackers can potentially purchase items at greatly reduced prices, circumventing intended pricing controls and leading to financial loss for merchants.

References

https://www.infigo.hr/en/critical-vulnerability-in-curren...
x_refsource_MISC
https://wordpress.org/plugins/currency-switcher-woocommer...
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9936
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.