Authorization Bypass in WooCommerce Multi Currency Plugin for WordPress
CVE-2021-4379

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: WooCommerce Multi Currency
Vendor: CVE Published:; 7 June 2023

Summary

The WooCommerce Multi Currency plugin for WordPress contains a vulnerability that allows authenticated attackers with subscriber-level permissions or higher to bypass authorization checks. This weakness arises from a missing capability check in the wmc_bulk_fixed_price function, enabling unauthorized modifications to product prices. The flaw affects versions up to and including 2.1.17, posing a risk of unapproved price adjustments that could disrupt store integrity.

Affected Version(s)

WooCommerce Multi Currency * <= 2.1.17

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/woocommerce-multi-currency/20...

https://blog.nintechnet.com/vulnerability-fixed-in-wordpr...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet