SQL Injection Vulnerability in RealMag777 FOX WooCommerce Currency Switcher Plugin
CVE-2026-39497

7.6HIGH

Key Information:

Vendor: WordPress
Status: Fox
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-39497?

The RealMag777 FOX WooCommerce Currency Switcher plugin is susceptible to an SQL Injection vulnerability that can lead to unauthorized data access. This flaw allows attackers to execute arbitrary SQL queries against the underlying database, potentially exposing sensitive information. Affected versions include those up to and including 1.4.5, underscoring the importance of upgrading to secure versions to mitigate this risk.

Affected Version(s)

FOX 0 <= 1.4.5

References

https://patchstack.com/database/Wordpress/Plugin/woocomme...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

timomangcut | Patchstack Bug Bounty Program

CVE-2026-39497 Data

JSON

WordPress

What is CVE-2026-39497?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit