CVE-2019-18668

Name of the Vulnerable Software and Affected Versions Currency Switcher addon for WooCommerce versions prior to 2.11.2

Description An issue allows an attacker to purchase items at a significantly cheaper price by providing a non-existent currency that is worth less than the default currency. If a user provides a currency not added by the administrator, it will be selected, but the price amount will fall back to the default currency.

Recommendations For versions prior to 2.11.2, update to version 2.11.2 or later to resolve the issue. As a temporary workaround, consider restricting the currency selection to only those added by the administrator to minimize the risk of exploitation.