Description
WordPress Plugin WooCommerce Multi Currency-Currency Switcher is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change the price of all products. WordPress Plugin WooCommerce Multi Currency-Currency Switcher version 2.1.17 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 2.1.18 or latest
References
Related Vulnerabilities
Atlassian Jira CVE-2019-20404 Vulnerability (CVE-2019-20404)
WordPress Plugin Post to CSV by BestWebSoft CSV Injection (1.4.0)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2729)
Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2018-8778)
WordPress Plugin Import all XML, CSV & TXT into WordPress Security Bypass (6.4.1)