Vulnerability Description
The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palscode | Woocommerce Multi Currency | <= 2.1.17 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://wordpress.org/plugins/woo-multi-currency/#developersProduct
- https://wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61Third Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44Third Party Advisory
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://wordpress.org/plugins/woo-multi-currency/#developersProduct
- https://wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61Third Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44Third Party Advisory
FAQ
What is CVE-2021-4376?
CVE-2021-4376 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the p...
How severe is CVE-2021-4376?
CVE-2021-4376 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-4376?
Check the references section above for vendor advisories and patch information. Affected products include: Palscode Woocommerce Multi Currency.