CVE-2024-10640

Published Nov 9, 2024

Last updated 5 days ago

CVSS high 7.3

Overview

Description
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.3
Impact score
3.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-94

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10640 (Published: 2024-11-09) - A high-severity vulnerability in WooCommerce Currency Switcher affects multiple versions. Users are urged to update to the latest version to mitigate risks. Stay secure! 🔒 More info: https://t.co/l2sRNaexSE #WordPress #Security

    @transilienceai

    13 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🔒 CVE-2024-10640 (Published: 2024-11-09) affects WooCommerce Currency Switcher. Exploited in versions prior to 3183018. 🚨 Remediation: Update to the latest version to secure your site. Stay safe and keep your plugins up to date! More info: https://t.co/y9CHfrcurC

    @transilienceai

    13 Nov 2024

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-10640 (Published: 2024-11-09) - A high-severity vulnerability in WooCommerce Currency Switcher affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. Stay secure! 🔒 More info: https://t.co/l2sRNaexSE

    @transilienceai

    13 Nov 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-10640 The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including,… https://t.co/ciGUMXMIcG

    @CVEnew

    9 Nov 2024

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References