PT-2026-55513 · Villatheme · Curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.X

Sterva

·

Publicado

2026-07-03

·

Atualizado

2026-07-03

·

CVE-2026-11778

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-11778

Produtos afetados

Curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.X