CVE-2021-4379

Name of the Vulnerable Software and Affected Versions WooCommerce Multi Currency plugin for WordPress versions up to, and including, 2.1.17

Description The issue is related to authorization bypass due to a missing capability check on the wmc bulk fixed price function. This allows authenticated attackers with subscriber-level permissions and above to make changes to product prices.

Recommendations For versions up to, and including, 2.1.17, update to a version higher than 2.1.17 to resolve the issue. As a temporary workaround, consider restricting access to the wmc bulk fixed price function to prevent unauthorized changes to product prices.