CVE-2021-4379 Information

Description

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to and including 2.1.17. This makes it possible for authenticated attackers with subscriber-level permissions and above to make changes to product prices.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve https://codecanyon.net/item/woocommerce-multi-currency/20948446 https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/