Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Villatheme
Villatheme curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.x Wordpress Wordpress wordpress |
|
| Vendors & Products |
Villatheme
Villatheme curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.x Wordpress Wordpress wordpress |
Mon, 06 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 03 Jul 2026 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |
| Title | CURCY <= 2.2.14 - Unauthenticated Arbitrary Shortcode Execution via 'exchange' Parameter | |
| Weaknesses | CWE-94 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-06T16:35:24.768Z
Reserved: 2026-06-09T12:15:26.855Z
Link: CVE-2026-11778
Updated: 2026-07-06T16:35:21.647Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T23:45:04Z