WPCS - WordPress Currency Switcher Professional
Moderate fix1 remedy
cpe:2.3:a:pluginus:wordpress_currency_switcher:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 1.2.0.4
WPCS WordPress Currency Switcher Professional Plugin Shortcode Execution Vulnerability
Vulnerability
Patched
A vulnerability allowing arbitrary shortcode execution has been identified in the WPCS - WordPress Currency Switcher Professional plugin, affecting all versions through 1.2.0.4. The issue arises because the plugin does not properly validate user input before executing shortcodes, allowing unauthenticated users to execute arbitrary shortcodes on the site.
Impact
Exploitation of this vulnerability allows for arbitrary shortcode execution, which could be used to execute potentially harmful actions or scripts on the WordPress site.
Reproduction
The vulnerability can be reproduced by sending a request to the WordPress site with the 'currency-switcher' parameter. This can be done through the WordPress admin area or by using a tool like Postman to send the request. The request must include a value that contains the shortcode to be executed. Once the request is sent, the specified shortcode will be executed on the site, demonstrating the vulnerability.
Remediation
Users are advised to update the WPCS - WordPress Currency Switcher Professional plugin to version 1.2.0.5 or later.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
3.4impact
1.3exploitability
9.3remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
10.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.