Arbitrary Short Code Execution Vulnerability in Currency Switcher Professional for WooCommerce
CVE-2024-10640
7.3HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 9 November 2024
What is CVE-2024-10640?
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress suffers from a vulnerability that allows for arbitrary shortcode execution. This issue affects all versions up to and including 1.4.2.2. The vulnerability arises when the software permits users to execute an action without appropriately validating the input value prior to invoking the do_shortcode function. As a result, attackers, who do not require authentication, are able to exploit this flaw to execute arbitrary shortcodes, potentially compromising the security and functionality of affected WordPress sites.
Affected Version(s)
FOX – Currency Switcher Professional for WooCommerce * <= 1.4.2.2