CVE-2021-4376

Summary

The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.

Affected Software

VendorProductVersion RangeStatus
villathemeCURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x0 <= 2.1.17affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References