CVE-2021-4376
WooCommerce Multi Currency <= 2.1.17 - Missing Authorization
The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Productos afectados
villatheme · CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2734576%40woo-multi-currency&new=2734576%40woo-multi-currency&sfp_email=&sfph_mail=https://wordpress.org/plugins/woo-multi-currency/#developershttps://wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=cve