CVE-2024-38700

MEDIUM

realmag777 WPCS <1.2.0.3 - Code Injection

Title source: llm

Description

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in realmag777 WPCS allows Code Injection.This issue affects WPCS: from n/a through 1.2.0.3.

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/currency-switcher/wordpress-wpcs-wordpress-currency-switcher-professional-plugin-1-2-0-3-arbitrary-shortcode-execution-vulnerability?_s_id=cve

Scores

CVSS v3 6.5

EPSS 0.0032

EPSS Percentile 23.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-74

Status published

Products (1)

realmag777/WPCS < 1.2.0.3

Published Jul 12, 2024

Tracked Since Feb 18, 2026