216.73.216.133

CVE-2026-11778

· Published 03/07/2026 11:16 · Author: The MITRE Corporation

Labels: CVE-2026-11778

Essential information

Published
03/07/2026 11:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CWE-94
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

NVD status

NVD
View on NVD