ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Currency Switcher for WooCommerce <= 2.11.1 - Security Restrictions Bypass vulnerability

Product
Currency Switcher for WooCommerce
Description
Security Restrictions Bypass vulnerability found by Luka Šikić in WordPress Currency Switcher for WooCommerce (versions <= 2.11.1)
Solution
Update the WordPress Currency Switcher for WooCommerce plugin to the latest available version (at least 2.11.2).
Classification
Type BYPASS
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name CVE-2019-18668
Versions
Affected In <= 2.11.1
Fixed In 2.11.2
Disclosure date
2019-11-04
Credits
Luka Šikić
Submitter
ThreatPress