CVE-2025-30857

7.1 HIGH

📋 TL;DR

A Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce allows attackers to perform actions as authenticated users, leading to Stored Cross-Site Scripting (XSS). This affects WordPress sites using the Currency Switcher for WooCommerce plugin versions up to 0.0.7. Attackers can inject malicious scripts that execute when other users view affected pages.

💻 Affected Systems

Products:
  • PressMaximum Currency Switcher for WooCommerce
Versions: n/a through 0.0.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with WooCommerce installed. The vulnerability is present in default configurations of affected plugin versions.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could inject malicious JavaScript that steals admin credentials, redirects users to phishing sites, or performs administrative actions on the WordPress site when administrators view compromised pages.

🟠 Likely Case

Attackers inject malicious scripts that steal user session cookies or perform unauthorized actions when users visit pages containing the injected payload.

🟢 If Mitigated

With proper CSRF protections and content security policies, the attack surface is reduced, though the vulnerability still exists in the codebase.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires tricking an authenticated user (typically an administrator) into performing a malicious action, but no public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 0.0.7

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/currency-switcher-for-woocommerce/vulnerability/wordpress-currency-switcher-for-woocommerce-plugin-0-0-7-csrf-to-stored-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins → Installed Plugins.
  3. Find 'Currency Switcher for WooCommerce'.
  4. Click 'Update Now' if an update is available.
  5. If no update appears, deactivate and delete the plugin, then install the latest version from the WordPress repository.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add CSRF protection to all form submissions and state-changing actions in the plugin.
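The nonce-based CSRF check this workaround describes, shown as an added illustrative example for a WordPress admin settings handler. This is not the plugin's own code; the option name, form field and function names prefixed csw_demo_ are assumed.

```php
<?php
// Added illustrative example, not code from the Currency Switcher for WooCommerce plugin.
// The csw_demo_ option, field and function names are hypothetical.

// Vulnerable pattern: a state-changing admin handler with no nonce or capability check
// saves raw input. A forged cross-site POST issued from a logged-in admin's browser is
// accepted, and the attacker-controlled markup is stored and later echoed (stored XSS).
function csw_demo_save_settings_vulnerable() {
    if ( isset( $_POST['csw_demo_currency_label'] ) ) {
        update_option( 'csw_demo_currency_label', $_POST['csw_demo_currency_label'] );
    }
}

// Hardened pattern, step 1: render the form with a nonce bound to this action.
function csw_demo_render_settings_form() {
    echo '<form method="post">';
    wp_nonce_field( 'csw_demo_save_settings', 'csw_demo_nonce' );
    echo '<input type="text" name="csw_demo_currency_label" value="'
        . esc_attr( get_option( 'csw_demo_currency_label', '' ) ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

// Hardened pattern, step 2: verify the nonce, the capability and the input before saving.
function csw_demo_save_settings_hardened() {
    if ( ! isset( $_POST['csw_demo_currency_label'] ) ) {
        return;
    }
    // check_admin_referer() stops the request (HTTP 403) when the nonce is missing or
    // invalid, which is exactly what a cross-site forged request lacks.
    check_admin_referer( 'csw_demo_save_settings', 'csw_demo_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ), '', array( 'response' => 403 ) );
    }
    // Sanitize on input: strips tags and control characters from the label.
    $label = sanitize_text_field( wp_unslash( $_POST['csw_demo_currency_label'] ) );
    update_option( 'csw_demo_currency_label', $label );
}

// Hardened pattern, step 3: escape on output, so a value that somehow bypassed
// sanitization is still rendered as text rather than executed.
function csw_demo_output_label() {
    echo esc_html( get_option( 'csw_demo_currency_label', '' ) );
}

add_action( 'admin_init', 'csw_demo_save_settings_hardened' );
```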

Content Security Policy (applies to: all)

Implement a strict Content Security Policy header to mitigate XSS impact.

Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://trusted.cdn.com;"
Apache mod_headers syntax; add to .htaccess or the web server configuration. Note that 'unsafe-inline' in script-src permits inline scripts, which is the form most stored XSS payloads take, so a policy that keeps it does little against this vulnerability; use nonces or hashes for the inline scripts the site genuinely needs.

🧯 If You Can't Patch

  • Disable or remove the Currency Switcher for WooCommerce plugin immediately
  • Implement web application firewall rules to block suspicious requests targeting the plugin endpoints

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for the version number of 'Currency Switcher for WooCommerce'

Check Version:

wp plugin list --name='currency-switcher-for-woocommerce' --field=version

Verify Fix Applied:

Verify that the plugin version shown in the WordPress admin panel is higher than 0.0.7

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to currency switcher admin endpoints
  • JavaScript injection patterns in plugin settings or content

Network Indicators:

  • Requests to currency switcher endpoints with suspicious parameters
  • Cross-origin requests to plugin admin functions

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "currency-switcher") AND (method="POST" AND (param CONTAINS "script" OR param CONTAINS "javascript"))
