Stored Cross-Site Scripting Vulnerability in FOX Currency Switcher Professional for WooCommerce
CVE-2023-6556

5.4MEDIUM

Key Information:

Vendor

Wordpress
Status
FOX – Currency Switcher Professional for WooCommerce
Vendor
CVE Published:
11 January 2024

What is CVE-2023-6556?

The FOX – Currency Switcher Professional for WooCommerce plugin features a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping for currency options. This flaw allows authenticated attackers, with subscriber-level or higher access, to inject malicious web scripts. As a result, these scripts execute whenever a user loads an affected page, posing considerable risk to site integrity and user safety.

Affected Version(s)

FOX – Currency Switcher Professional for WooCommerce * <= 1.4.1.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/woocommerce-cu...
https://plugins.trac.wordpress.org/browser/woocommerce-cu...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lucio Sá
.
The Cyber Security Vulnerability Database.