ID

VAR-201911-0627


CVE

CVE-2019-18668


TITLE

Input validation vulnerability in the Currency Switcher for WooCommerce plug-in for WordPress

Trust: 0.8

sources: JVNDB: JVNDB-2019-011619

DESCRIPTION

An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but the price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price. The Currency Switcher for WooCommerce plug-in for WordPress contains an input validation vulnerability. Information may be tampered with. An attacker could exploit this vulnerability to buy goods at a low price.

Trust: 1.71

sources: NVD: CVE-2019-18668 // JVNDB: JVNDB-2019-011619 // VULHUB: VHN-151037

AFFECTED PRODUCTS

vendor: wpwham, model: currency switcher for woocommerce, scope: lt, version: 2.11.2

Trust: 1.0

vendor: wp wham, model: currency switcher for woocommerce, scope: lt, version: 2.11.2

Trust: 0.8

vendor: wpwham, model: currency switcher for woocommerce, scope: eq, version: 2.1.0

Trust: 0.6

vendor: wpwham, model: currency switcher for woocommerce, scope: eq, version: 2.2.0

Trust: 0.6

vendor: wpwham, model: currency switcher for woocommerce, scope: eq, version: 2.3.0

Trust: 0.6

vendor: wpwham, model: currency switcher for woocommerce, scope: eq, version: 1.0.0

Trust: 0.6

vendor: wpwham, model: currency switcher for woocommerce, scope: eq, version: 2.3.1

Trust: 0.6

vendor: wpwham, model: currency switcher for woocommerce, scope: eq, version: 2.0.0

Trust: 0.6

vendor: wpwham, model: currency switcher for woocommerce, scope: eq, version: 2.1.1

Trust: 0.6

vendor: wpwham, model: currency switcher for woocommerce, scope: eq, version: 1.0.1

Trust: 0.6

vendor: wpwham, model: currency switcher for woocommerce, scope: eq, version: 2.2.2

Trust: 0.6

vendor: wpwham, model: currency switcher for woocommerce, scope: eq, version: 2.2.1

Trust: 0.6

sources: JVNDB: JVNDB-2019-011619 // CNNVD: CNNVD-201911-042 // NVD: CVE-2019-18668

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18668
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18668
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-042
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151037
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-18668
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151037
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18668
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-18668
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151037 // JVNDB: JVNDB-2019-011619 // CNNVD: CNNVD-201911-042 // NVD: CVE-2019-18668

PROBLEMTYPE DATA

problemtype: CWE-755

Trust: 1.0

problemtype: CWE-20

Trust: 0.9

sources: VULHUB: VHN-151037 // JVNDB: JVNDB-2019-011619 // NVD: CVE-2019-18668

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-042

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-042

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011619

PATCH

title: Currency Switcher for WooCommerce, url: https://wordpress.org/plugins/currency-switcher-woocommerce/#developers

Trust: 0.8

title: Currency Switcher addon for WooCommerce: fix for the input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101950

Trust: 0.6

sources: JVNDB: JVNDB-2019-011619 // CNNVD: CNNVD-201911-042

EXTERNAL IDS

db: NVD, id: CVE-2019-18668

Trust: 2.5

db: JVNDB, id: JVNDB-2019-011619

Trust: 0.8

db: CNNVD, id: CNNVD-201911-042

Trust: 0.7

db: VULHUB, id: VHN-151037

Trust: 0.1

sources: VULHUB: VHN-151037 // JVNDB: JVNDB-2019-011619 // CNNVD: CNNVD-201911-042 // NVD: CVE-2019-18668

REFERENCES

url:https://wordpress.org/plugins/currency-switcher-woocommerce/#developers

Trust: 1.7

url:https://wpvulndb.com/vulnerabilities/9936

Trust: 1.7

url:https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-18668

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18668

Trust: 0.8

sources: VULHUB: VHN-151037 // JVNDB: JVNDB-2019-011619 // CNNVD: CNNVD-201911-042 // NVD: CVE-2019-18668

SOURCES

db: VULHUB, id: VHN-151037
db: JVNDB, id: JVNDB-2019-011619
db: CNNVD, id: CNNVD-201911-042
db: NVD, id: CVE-2019-18668

LAST UPDATE DATE

2024-11-23T22:11:46.434000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151037, date: 2019-11-07T00:00:00
db: JVNDB, id: JVNDB-2019-011619, date: 2019-11-14T00:00:00
db: CNNVD, id: CNNVD-201911-042, date: 2019-11-08T00:00:00
db: NVD, id: CVE-2019-18668, date: 2024-11-21T04:33:29.677

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151037, date: 2019-11-02T00:00:00
db: JVNDB, id: JVNDB-2019-011619, date: 2019-11-14T00:00:00
db: CNNVD, id: CNNVD-201911-042, date: 2019-11-02T00:00:00
db: NVD, id: CVE-2019-18668, date: 2019-11-02T16:15:10.310