Security Advisory

CVE-2019-18668

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-11-02 15:29:16

Last updated 2024-08-05 01:54:14

Assigner mitre

State PUBLISHED

Description

An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.

← Browse all CVEs View on cve.org ↗