PT-2024-16426 · WordPress · Fox – Currency Switcher Professional

Michael Mazzolini +1 · Published 2024-11-09 · Updated 2024-11-13 · CVE-2024-10640

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress, versions up to and including 1.4.2.2.

Description
The plugin allows users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The vulnerability affects multiple versions of the WooCommerce Currency Switcher plugin.

Recommendations
Update to the latest version to secure your site. As a temporary workaround, consider restricting the execution of shortcodes to minimize the risk of exploitation.

Fix

Code Injection

Weakness Enumeration

Related Identifiers
CVE-2024-10640

Affected Products
Fox – Currency Switcher Professional