{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32410", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:11:19.857Z", "datePublished": "2026-03-13T11:42:14.149Z", "dateUpdated": "2026-04-29T09:51:59.092Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woo-currency", "product": "WBW Currency Switcher for WooCommerce", "vendor": "WBW Plugins", "versions": [{"changes": [{"at": "2.2.6", "status": "unaffected"}], "lessThanOrEqual": "2.2.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "NumeX | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:06:09.642Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5.</p>"}], "value": "Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:59.092Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/woo-currency/vulnerability/wordpress-wbw-currency-switcher-for-woocommerce-plugin-2-2-5-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress WBW Currency Switcher for WooCommerce plugin <= 2.2.5 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T18:29:31.727917Z", "id": "CVE-2026-32410", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:30:00.729Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32410", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:11:19.857Z", "datePublished": "2026-03-13T11:42:14.149Z", "dateUpdated": "2026-03-13T18:30:00.729Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woo-currency", "product": "WBW Currency Switcher for WooCommerce", "vendor": "WBW Plugins", "versions": [{"changes": [{"at": "2.2.6", "status": "unaffected"}], "lessThanOrEqual": "<= 2.2.5", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "NumeX | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-13T12:41:18.696Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5.</p>"}], "value": "Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-13T11:42:14.149Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/woo-currency/vulnerability/wordpress-wbw-currency-switcher-for-woocommerce-plugin-2-2-5-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress WBW Currency Switcher for WooCommerce plugin <= 2.2.5 - Broken Access Control vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32410", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:29:31.727917Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:28:49.681Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en WBW Plugins WBW Currency Switcher para WooCommerce woo-currency permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WBW Currency Switcher para WooCommerce: desde n/a hasta &lt;= 2.2.5."}], "id": "CVE-2026-32410", "lastModified": "2026-04-29T10:17:06.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:57.810", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/woo-currency/vulnerability/wordpress-wbw-currency-switcher-for-woocommerce-plugin-2-2-5-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.2.5]"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "WBW Currency Switcher for WooCommerce", "source": "cna", "vendor": "WBW Plugins"}, "product": "wbw_currency_switcher_for_woocommerce", "vendor": "woobewoo"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T15:22:29.398513+00:00", "value": {"mitigation_remediation": ["Verify the installed version of WBW Currency Switcher for WooCommerce; if it is 2.2.5 or older, upgrade to the latest release.", "If an upgrade is not immediately possible, disable or uninstall the plugin to prevent unauthorized configuration changes."], "summary": {"action": "Immediate Upgrade", "impact": "Unauthorized Configuration Modification via Broken Access Control"}, "threat_synthesis": {"affected_systems": "WBW Plugins\u2019 WBW Currency Switcher for WooCommerce plugin is affected whenever the installed version is 2.2.5 or earlier. Administrators should verify the current version on their WordPress sites.", "description_and_impact": "The vulnerability in WBW Currency Switcher for WooCommerce allows an attacker to bypass authorization checks and modify currency switcher settings without proper privileges. This could lead to incorrect pricing, compromised transaction integrity, and potential financial loss. The weakness is identified as CWE\u2011862: Missing Authorization.", "risk_and_exploitability": "The CVSS base score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests low predicted exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Attackers likely need access to the WordPress backend or a vulnerability that allows unauthenticated configuration changes; this is inferred from the description of incorrectly configured access control levels."}}}}, "created": "2026-03-16T09:34:02.665314+00:00", "updated": "2026-03-23T12:03:52.803352+00:00", "vendors": ["woobewoo", "woobewoo$PRODUCT$wbw_currency_switcher_for_woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}