- Description
- The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
- security@wordfence.com
- CWE-94
- Hype score
- Not currently trending
CVE-2024-13487 Unauthenticated Arbitrary Shortcode Execution in CURCY WooCommerce Plugin https://t.co/TNUGfuIfJN
@VulmonFeeds
6 Feb 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-13487: Code Injection in The CURCY WC Plugin, 7.3 rating❗️ Vuln allows unauthenticated users to execute arbitrary shortcodes into popular free currency plugin. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/QlFklJAQqr #cybersecurity #vulnerability_map https:
@Netlas_io
6 Feb 2025
470 Impressions
3 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2024-13487 The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitr… https://t.co/tpVXgCbGq6
@CVEnew
6 Feb 2025
384 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes