First published: Fri Jun 09 2023
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pluginus Wordpress Currency Switcher Professional | <=1.1.9 | |
CVE-2023-2557 is a vulnerability found in the WPCS – WordPress Currency Switcher Professional plugin for WordPress versions up to and including 1.1.9.
The severity of CVE-2023-2557 is medium (4.3).
CVE-2023-2557 allows authenticated attackers with subscriber-level permissions to perform unauthorized modification of data in the plugin.
To fix CVE-2023-2557, you should update the WPCS – WordPress Currency Switcher Professional plugin to a version higher than 1.1.9.
You can find more information about CVE-2023-2557 at the following references: [WordPress Plugin Directory](https://plugins.trac.wordpress.org/changeset/2911049/currency-switcher) and [Wordfence Threat Intelligence](https://www.wordfence.com/threat-intel/vulnerabilities/id/d4c79242-5c89-40c0-abcc-c112f7a64a74?source=cve).
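
The bug class described above (a save handler reachable by any logged-in user because it never checks a capability) looks like the following in a WordPress plugin. This is an added illustration, not code from the WPCS plugin or its patch: the action, nonce, option and function names are hypothetical, and `manage_options` is an assumed choice of required capability.

```php
<?php
// Added illustration. All example_* names are hypothetical and are not taken
// from the WPCS plugin source or its fix.

// BEFORE: if this function is hooked to wp_ajax_{action}, WordPress runs it for
// every logged-in user, subscribers included. Nothing here asks whether the
// caller is allowed to change settings, so any account can overwrite them.
function example_save_switcher_unchecked() {
    $id       = isset($_POST['switcher_id']) ? absint($_POST['switcher_id']) : 0;
    $settings = isset($_POST['settings']) ? (array) wp_unslash($_POST['settings']) : array();
    update_option('example_switcher_' . $id, $settings);
    wp_send_json_success();
}

// AFTER: the same handler with the authorization step that was missing.
add_action('wp_ajax_example_save_switcher', 'example_save_switcher');
function example_save_switcher() {
    // Companion check: reject requests that lack a valid nonce for this action.
    check_ajax_referer('example_save_switcher', 'nonce');

    // Capability check: being logged in is not enough. Only roles that hold
    // the (assumed) manage_options capability may modify a switcher.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    $id       = isset($_POST['switcher_id']) ? absint($_POST['switcher_id']) : 0;
    $settings = isset($_POST['settings']) ? (array) wp_unslash($_POST['settings']) : array();
    $settings = array_map('sanitize_text_field', $settings);

    update_option('example_switcher_' . $id, $settings);
    wp_send_json_success();
}
```

When reviewing other plugins for the same flaw, look for `wp_ajax_` handlers that write data but contain no `current_user_can()` call before the write.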