{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/fox--currency-switcher-professional-for-woocommerce-plugin--1.4.5/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-4094"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FOX – Currency Switcher Professional for WooCommerce plugin \u003c= 1.4.5"],"_cs_severities":["medium"],"_cs_tags":["wordpress","woocommerce","plugin","csrf","data-loss","cve-2026-4094"],"_cs_type":"advisory","_cs_vendors":["WooCommerce"],"content_html":"\u003cp\u003eThe FOX – Currency Switcher Professional for WooCommerce plugin for WordPress, versions up to and including 1.4.5, contains an unauthorized data loss vulnerability tracked as CVE-2026-4094. This flaw stems from a missing capability check within the \u0026lsquo;admin_head\u0026rsquo; function. Successful exploitation allows authenticated attackers with Contributor-level access and above to trigger the deletion of the entire multi-currency configuration. This is achieved by visiting any wp-admin page with the \u003ccode\u003ewoocs_reset\u003c/code\u003e parameter appended. Furthermore, the absence of nonce verification makes the vulnerability exploitable via Cross-Site Request Forgery (CSRF) against administrators. Subscriber-level users can also exploit the vulnerability if the WordPress site is configured to permit Subscriber access to \u0026lsquo;wp-admin\u0026rsquo; pages. 
This vulnerability poses a risk to every site running the affected plugin: one crafted request can wipe the currency configuration and disrupt e-commerce operations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a WordPress website using a vulnerable version (\u0026lt;= 1.4.5) of the FOX – Currency Switcher Professional for WooCommerce plugin.\u003c/li\u003e\n\u003cli\u003eThe attacker authenticates to the WordPress site with Contributor-level or higher privileges (or with a Subscriber account, where the site allows Subscribers into wp-admin).\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker targets a logged-in administrator with CSRF: because the reset is triggered by a plain GET request with no nonce, the URL only needs to be delivered as a link the administrator follows, and a top-level navigation carries the session cookies even under browsers\u0026rsquo; default SameSite=Lax handling.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a URL to any wp-admin page with the \u003ccode\u003ewoocs_reset\u003c/code\u003e query parameter appended.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the crafted URL to the administrator (CSRF) or requests it directly within the attacker\u0026rsquo;s own authenticated session.\u003c/li\u003e\n\u003cli\u003eThe plugin\u0026rsquo;s \u003ccode\u003eadmin_head\u003c/code\u003e handler runs with neither a capability check nor nonce verification, so the request is honored regardless of who sent it.\u003c/li\u003e\n\u003cli\u003eThe multi-currency configuration data is deleted.\u003c/li\u003e\n\u003cli\u003eThe website\u0026rsquo;s multi-currency functionality is disrupted, potentially impacting sales and user experience.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4094 deletes the multi-currency configuration of the FOX – Currency Switcher Professional for WooCommerce plugin. Currency switching stops working until the configuration is rebuilt, potentially causing financial losses and degrading the user experience. 
The number of affected sites depends on how widely the vulnerable plugin is deployed.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the FOX – Currency Switcher Professional for WooCommerce plugin to a release newer than 1.4.5 that patches CVE-2026-4094, and back up the site database first so a deleted currency configuration can be restored.\u003c/li\u003e\n\u003cli\u003eApply the Sigma rule \u0026ldquo;Detect WordPress FOX - Currency Switcher Plugin Reset via woocs_reset Parameter\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to \u003ccode\u003e/wp-admin/\u003c/code\u003e paths whose query string contains \u003ccode\u003ewoocs_reset\u003c/code\u003e. A hit whose Referer is outside the site\u0026rsquo;s own origin points to CSRF against an administrator; for other hits, correlate the client IP with WordPress login activity to identify the account used. Until the upgrade is applied, consider blocking the parameter at the WAF or web server, accepting that this also disables legitimate resets.\u003c/li\u003e\n\u003cli\u003eIn plugin and theme code you maintain, gate every state-changing admin action on both a capability check (\u003ccode\u003ecurrent_user_can()\u003c/code\u003e) and nonce verification (\u003ccode\u003echeck_admin_referer()\u003c/code\u003e or \u003ccode\u003ewp_verify_nonce()\u003c/code\u003e); that missing pair is exactly what makes CVE-2026-4094 exploitable. Also restrict Subscriber access to wp-admin, since that configuration widens the set of accounts able to trigger the reset.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-15T07:16:52Z","date_published":"2026-05-15T07:16:52Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-4094-wordpress-plugin-vuln/","summary":"The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss (CVE-2026-4094) due to a missing capability check, allowing authenticated attackers with Contributor-level access or higher to delete the multi-currency configuration.","title":"CVE-2026-4094: FOX – Currency Switcher Professional for WooCommerce Plugin Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-4094-wordpress-plugin-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — FOX – Currency Switcher Professional for WooCommerce Plugin \u003c= 1.4.5","version":"https://jsonfeed.org/version/1.1"}
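The capability-plus-nonce check the advisory says is missing, together with the logging its monitoring recommendation asks for, as an added example in the plugin's own language (PHP). This is not the vendor's code or patch and does not reproduce the plugin's internals: it is a must-use plugin a site operator could drop in as a stopgap until the upgrade is applied. The nonce action name `woocs_guard_reset`, the choice of the `manage_woocommerce` capability, and the `woocs_currencies` option name in the illustrative sketch of the flaw are assumptions made here; the only identifiers taken from the advisory are the `woocs_reset` parameter and the `admin_head` hook.

```php
<?php
/**
 * Plugin Name: WOOCS reset guard (added example for CVE-2026-4094)
 * Description: Stopgap for sites still on FOX - Currency Switcher Professional
 *              for WooCommerce <= 1.4.5: require a capability and a nonce before
 *              any request carrying ?woocs_reset reaches the plugin's admin_head
 *              handler, and log every rejected attempt. Remove after upgrading.
 *
 * Install by copying this file into wp-content/mu-plugins/ (must-use plugins
 * load before regular plugins and cannot be disabled from the dashboard).
 */

// Shape of the flaw the advisory describes, as an illustrative reconstruction
// (not the vendor's source): the reset runs on admin_head and the only guard
// is the presence of the query parameter. The option name is hypothetical.
//
//   add_action( 'admin_head', function () {
//       if ( isset( $_GET['woocs_reset'] ) ) {
//           delete_option( 'woocs_currencies' );
//       }
//   } );

// Assumptions made by this guard, not taken from the plugin: the nonce action
// name and the capability required to reset. 'manage_woocommerce' is the
// capability WooCommerce grants to shop managers and administrators.
const WOOCS_GUARD_NONCE_ACTION = 'woocs_guard_reset';
const WOOCS_GUARD_CAPABILITY   = 'manage_woocommerce';

/**
 * Decide whether the current request may perform a reset.
 *
 * Kept free of WordPress output so the decision is easy to test on its own:
 * $get is the request's query parameters, $can a capability predicate.
 */
function woocs_guard_allows_reset( array $get, callable $can ) {
    if ( ! isset( $get['woocs_reset'] ) ) {
        return true; // Not a reset request; nothing to gate.
    }
    // First half of the flaw: no capability check, so Contributors (and
    // Subscribers with wp-admin access) could reach the reset.
    if ( ! $can( WOOCS_GUARD_CAPABILITY ) ) {
        return false;
    }
    // Second half: no nonce, so a forged GET from another origin rode on an
    // administrator's session. wp_verify_nonce() is false for a missing
    // nonce, a nonce for another action, or another user's nonce.
    $nonce = isset( $get['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $get['_wpnonce'] ) ) : '';
    return (bool) wp_verify_nonce( $nonce, WOOCS_GUARD_NONCE_ACTION );
}

/**
 * Runs on admin_init, which fires before admin_head on every wp-admin page
 * (admin-ajax.php included), so the plugin's handler never sees a request
 * that fails the check.
 */
function woocs_guard_check_reset() {
    if ( woocs_guard_allows_reset( $_GET, 'current_user_can' ) ) {
        return;
    }

    // Detection: who tried, from where, and what carried the request. A
    // Referer outside this site's origin on an authenticated session is the
    // CSRF signature; a low-privilege user_login is direct exploitation.
    $user = wp_get_current_user();
    error_log( sprintf(
        'woocs_guard: blocked woocs_reset user=%s(%d) ip=%s referer=%s uri=%s',
        ! empty( $user->user_login ) ? $user->user_login : '-',
        $user->ID,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-',
        isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '-',
        isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '-'
    ) );

    wp_die(
        esc_html__( 'Currency reset blocked: missing capability or nonce.', 'woocs-guard' ),
        '',
        array( 'response' => 403 )
    );
}
add_action( 'admin_init', 'woocs_guard_check_reset', 0 );

/**
 * The one URL an administrator should use for an intentional reset: the
 * parameter plus a nonce bound to the current user, so it cannot be forged.
 */
function woocs_guard_reset_url() {
    return wp_nonce_url(
        add_query_arg( 'woocs_reset', '1', admin_url( 'admin.php' ) ),
        WOOCS_GUARD_NONCE_ACTION
    );
}
```

Two consequences of this design are worth knowing before deploying it. Because the guard demands its own nonce, any bare `woocs_reset` link the plugin itself renders is blocked as well; an administrator who genuinely needs a reset uses the URL from `woocs_guard_reset_url()` (or removes the guard once the upgrade is in). And the guard hooks `admin_init` only, which is sufficient for the `admin_head` path the advisory names, since that hook fires solely inside wp-admin; it would not cover a hypothetical front-end handler for the same parameter. The `error_log` line is deliberately shaped for the log-monitoring recommendation above: it records user, IP, Referer and request URI on one line, so the same correlation (cross-origin Referer for CSRF, account name for direct use) can be done in the PHP error log as in the web server access log.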