ByteOS Network

falselight

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-30864

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.03% / 6.86%

7 Day CHG-0.00%

Published-27 Mar, 2025 | 10:55

Updated-27 Mar, 2025 | 18:57

WordPress Exchange Rates plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in falselight Exchange Rates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Exchange Rates: from n/a through 1.2.2.

Vendor-falselight

Product-Exchange Rates

CWE ID-CWE-862

Missing Authorization

CVE-2024-11760

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.05% / 15.98%

7 Day CHG+0.01%

Published-12 Dec, 2024 | 08:22

Updated-12 Dec, 2024 | 14:34

Currency Converter Widget ⚡ PRO <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Currency Converter Widget ⚡ PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-falselight

Product-Currency Converter Widget ⚡ PRO

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')