Cross-Site Scripting Vulnerability in RealMag777 Currency Switcher Plugin
CVE-2026-42733

7.1HIGH

Key Information:

Vendor: WordPress
Status: WPcs
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42733?

A cross-site scripting (XSS) vulnerability exists in the RealMag777 WPCS currency-switcher plugin, allowing attackers to inject arbitrary script code into web pages. This flaw affects versions of the plugin from n/a up to and including 1.3.1. Exploitation of this vulnerability can lead to compromised user sessions and sensitive data exposure. It is crucial for site administrators to apply necessary patches and updates to mitigate this risk.

Affected Version(s)

WPCS 0 <= 1.3.1

References

https://patchstack.com/database/Wordpress/Plugin/currency...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

hhhai | Patchstack Bug Bounty Program

CVE-2026-42733 Data

JSON