PT-2026-55513 · Villatheme · Curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.X
Sterva
·
Publicado
2026-07-03
·
Atualizado
2026-07-03
·
CVE-2026-11778
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.X