漏洞标题
N/A
漏洞描述信息
在 WooCommerce 插件 2.11.2 之前,如果发现用户在Currency Switcher 扩展程序中提供了 administrator 没有添加的 currency,则发现了一个问题。在这种情况下,即使该货币不存在,也会被选中,但价格金额将回到默认货币。这意味着,如果攻击者提供了不存在且价值低于默认货币的 currency,攻击者最终可能以 significantly cheaper 的价格购买物品。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Currency Switcher addon for WooCommerce 输入验证错误漏洞
漏洞描述信息
Currency Switcher addon for WooCommerce是一款使用在WooCommerce电子商务平台中的货币切换插件。 Currency Switcher addon for WooCommerce 2.11.2之前版本中存在安全漏洞。攻击者可利用该漏洞以低廉的价格购买商品。
CVSS信息
N/A
漏洞类别
输入验证错误