PT-2025-10688 · WordPress · Wpcs – Wordpress Currency Switcher Professional

Arkadiusz Hydzik

Published

2025-03-11

Updated

2025-03-11

CVE-2025-2169

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions WPCS – WordPress Currency Switcher Professional plugin versions up to, and including, 1.2.0.4

Description The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before running do shortcode. This enables the execution of an action that can lead to arbitrary shortcode execution.

Recommendations For versions up to, and including, 1.2.0.4, update to a version that fixes this issue to prevent arbitrary shortcode execution.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2025-2169

Affected Products

Wpcs – Wordpress Currency Switcher Professional

PT-2025-10688 · WordPress · Wpcs – Wordpress Currency Switcher Professional

CVE-2025-2169

Weakness Enumeration

Related Identifiers

Affected Products

References · 11