Stored Cross-Site Scripting Vulnerability in FOX Currency Switcher Professional for WooCommerce
CVE-2023-6556
5.4MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 11 January 2024
What is CVE-2023-6556?
The FOX – Currency Switcher Professional for WooCommerce plugin features a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping for currency options. This flaw allows authenticated attackers, with subscriber-level or higher access, to inject malicious web scripts. As a result, these scripts execute whenever a user loads an affected page, posing considerable risk to site integrity and user safety.
Affected Version(s)
FOX – Currency Switcher Professional for WooCommerce * <= 1.4.1.6