Vulnerability Description
The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Villatheme | Woocommerce Multi Currency | < 2.1.18 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-cExploitThird Party Advisory
- https://codecanyon.net/item/woocommerce-multi-currency/20948446Product
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-929Third Party Advisory
- https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-cExploitThird Party Advisory
- https://codecanyon.net/item/woocommerce-multi-currency/20948446Product
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-929Third Party Advisory
FAQ
What is CVE-2021-4379?
CVE-2021-4379 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.1...
How severe is CVE-2021-4379?
CVE-2021-4379 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-4379?
Check the references section above for vendor advisories and patch information. Affected products include: Villatheme Woocommerce Multi Currency.