FOX – Currency Switcher Professional for WooCommerce < 1.4.1.9 – Unauthenticated Arbitrary Shortcode Execution | CVE 2024-3734 | Plugin Vulnerabilities

Description

The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide.

Affects Plugins

woocommerce-currency-switcher

Fixed in 1.4.1.9

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/4c1d49d0-c9aa-401c-80b9-d4df7fe97691

Classification

Type

RCE

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

stealthcopter

Verified

No

WPVDB ID

51f85cfd-378d-4b5f-9deb-57abd653057a

Timeline

Publicly Published

2024-04-24 (about 2 years ago)

Added

2024-04-24 (about 2 years ago)

Last Updated

2024-04-24 (about 2 years ago)

Other

Published

Title

Published

2021-03-04

Title

WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload

Published

2021-10-11

Title

Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution

Published

2025-09-26

Title

Contact Form 7 – Dynamic Text Extension <= 5.0.5 - Unauthenticated Arbitrary Shortcode Execution

Published

2015-03-18

Title

Ajax Search Lite < 3.11 - Authenticated RCE

Published

2025-04-25

Title

Anps Theme plugin < 1.1.2 - Unauthenticated Arbitrary Shortcode Execution