Search criteria
3 vulnerabilities found for currency_switcher_for_woocommerce by wpwham
FKIE_CVE-2019-18668
Vulnerability from fkie_nvd - Published: 2019-11-02 16:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://wordpress.org/plugins/currency-switcher-woocommerce/#developers | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/9936 | Third Party Advisory | |
| cve@mitre.org | https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/currency-switcher-woocommerce/#developers | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/9936 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpwham | currency_switcher_for_woocommerce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpwham:currency_switcher_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "50709498-6D63-4AF4-BCD3-671A339C7CB9",
"versionEndExcluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el addon Currency Switcher anteriores a 2.11.2 para WooCommerce, si un usuario suministra una moneda que no fue agregada por el administrador. En este caso, aunque la moneda no exista, ser\u00e1 seleccionada, pero el monto del precio regresar\u00e1 a la moneda predeterminada. Esto significa que si un atacante suministra una moneda que no existe y vale menos que este valor predeterminado, el atacante puede comprar un art\u00edculo a un precio significativamente m\u00e1s barato."
}
],
"id": "CVE-2019-18668",
"lastModified": "2024-11-21T04:33:29.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-02T16:15:10.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9936"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-18668 (GCVE-0-2019-18668)
Vulnerability from cvelistv5 – Published: 2019-11-02 15:29 – Updated: 2024-08-05 01:54
VLAI?
Summary
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T15:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9936"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61",
"refsource": "MISC",
"url": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61"
},
{
"name": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9936",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18668",
"datePublished": "2019-11-02T15:29:16",
"dateReserved": "2019-11-02T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18668 (GCVE-0-2019-18668)
Vulnerability from nvd – Published: 2019-11-02 15:29 – Updated: 2024-08-05 01:54
VLAI?
Summary
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T15:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9936"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61",
"refsource": "MISC",
"url": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61"
},
{
"name": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9936",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18668",
"datePublished": "2019-11-02T15:29:16",
"dateReserved": "2019-11-02T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}