PT-2026-55513 · Villatheme · Curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.X

Sterva

·

Published

2026-07-03

·

Updated

2026-07-03

·

CVE-2026-11778

CVSS v3.1

5.4

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-11778

Affected Products

Curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.X