Fox
Monthly
Missing authorization in RealMag777 FOX woocommerce-currency-switcher plugin for WordPress allows unauthenticated remote attackers to bypass access controls and gain read access to sensitive data through incorrectly configured security levels. The vulnerability affects FOX versions up to and including 1.4.5, with a CVSS score of 5.3 and extremely low exploitation probability (EPSS 0.02%), suggesting limited real-world attack incentive despite the missing authorization flaw.
Blind SQL injection in FOX WooCommerce Currency Switcher plugin (versions ≤1.4.5) allows authenticated high-privilege users to extract database contents via crafted SQL commands. Attacker requires high-privilege access (PR:H) but can breach scope boundaries (S:C), achieving high confidentiality impact and limited availability disruption. No public exploit identified at time of analysis. Affects WordPress installations using the vulnerable plugin for multi-currency e-commerce functionality.
Missing authorization in RealMag777 FOX woocommerce-currency-switcher plugin for WordPress allows unauthenticated remote attackers to bypass access controls and gain read access to sensitive data through incorrectly configured security levels. The vulnerability affects FOX versions up to and including 1.4.5, with a CVSS score of 5.3 and extremely low exploitation probability (EPSS 0.02%), suggesting limited real-world attack incentive despite the missing authorization flaw.
Blind SQL injection in FOX WooCommerce Currency Switcher plugin (versions ≤1.4.5) allows authenticated high-privilege users to extract database contents via crafted SQL commands. Attacker requires high-privilege access (PR:H) but can breach scope boundaries (S:C), achieving high confidentiality impact and limited availability disruption. No public exploit identified at time of analysis. Affects WordPress installations using the vulnerable plugin for multi-currency e-commerce functionality.