{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2021-4376","assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","state":"PUBLISHED","assignerShortName":"Wordfence","dateReserved":"2023-06-06T13:20:38.952Z","datePublished":"2023-06-07T01:51:46.083Z","dateUpdated":"2026-04-08T17:26:55.408Z"},"containers":{"cna":{"providerMetadata":{"orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence","dateUpdated":"2026-04-08T17:26:55.408Z"},"affected":[{"vendor":"villatheme","product":"CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x","versions":[{"version":"0","status":"affected","lessThanOrEqual":"2.1.17","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization  in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value."}],"title":"WooCommerce Multi Currency <= 2.1.17 - Missing Authorization","references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=cve"},{"url":"https://wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61"},{"url":"https://wordpress.org/plugins/woo-multi-currency/#developers"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2734576%40woo-multi-currency&new=2734576%40woo-multi-currency&sfp_email=&sfph_mail="}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-862 Missing Authorization","cweId":"CWE-862","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM"}}],"credits":[{"lang":"en","type":"finder","value":"Jerome Bruandet"}],"timeline":[{"time":"2021-09-13T00:00:00.000Z","lang":"en","value":"Disclosed"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T17:23:10.719Z"},"title":"CVE Program Container","references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=cve","tags":["x_transferred"]},{"url":"https://wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61","tags":["x_transferred"]},{"url":"https://wordpress.org/plugins/woo-multi-currency/#developers","tags":["x_transferred"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2734576%40woo-multi-currency&new=2734576%40woo-multi-currency&sfp_email=&sfph_mail=","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-20T23:26:59.952955Z","id":"CVE-2021-4376","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-20T23:50:01.341Z"}}]}}