CVE-2021-24566

The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pluginus:fox_-_currency_switcher_professional_for_woocommerce:*:*:*:*:*:wordpress:*:*

History

23 Oct 2024, 15:35

Type Values Removed Values Added
CWE CWE-22

23 Jan 2024, 20:37

Type Values Removed Values Added
First Time Pluginus fox - Currency Switcher Professional For Woocommerce
Pluginus
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:pluginus:fox_-_currency_switcher_professional_for_woocommerce:*:*:*:*:*:wordpress:*:*
References () https://wpscan.com/vulnerability/a0bc4b13-53fe-462d-8306-8915196d3a5a/ - () https://wpscan.com/vulnerability/a0bc4b13-53fe-462d-8306-8915196d3a5a/ - Third Party Advisory
References () https://jetpack.com/2021/07/22/severe-vulnerability-patched-in-woocommerce-currency-switcher/ - () https://jetpack.com/2021/07/22/severe-vulnerability-patched-in-woocommerce-currency-switcher/ - Exploit, Third Party Advisory
CWE NVD-CWE-Other

16 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-16 16:15

Updated : 2024-10-23 15:35


NVD link : CVE-2021-24566

Mitre link : CVE-2021-24566

CVE.ORG link : CVE-2021-24566


JSON object : View

Products Affected

pluginus

  • fox_-_currency_switcher_professional_for_woocommerce
CWE
NVD-CWE-Other CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')