CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-4379

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.6%

CVSS Severity

CVSS v3 Score 6.5

References

https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
https://codecanyon.net/item/woocommerce-multi-currency/20948446
https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve
https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
https://codecanyon.net/item/woocommerce-multi-currency/20948446
https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve

Products affected by CVE-2021-4379

Villatheme » Woocommerce Multi Currency » Version: N/A

cpe:2.3:a:villatheme:woocommerce_multi_currency:-
Villatheme » Woocommerce Multi Currency » Version: 2.1.17

cpe:2.3:a:villatheme:woocommerce_multi_currency:2.1.17

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-4379

Products

Pricing

Contact Us