Description
Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FOX: from n/a through <= 1.4.5.
Published: 2026-04-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the RealMag777 FOX WooCommerce‑Currency‑Switcher plugin, allowing attackers to execute privileged functions that should be restricted. The problem manifests as broken access control, potentially letting an attacker gain administrative capabilities within the plugin’s settings or data. This weakness corresponds to CWE‑862: Missing Authorization, and could lead to unauthorized viewing or manipulation of currency switcher configurations, affecting the integrity and availability of e‑commerce operations.

Affected Systems

The affected product is the RealMag777 FOX plugin for WordPress WooCommerce, versions up to and including 1.4.5. Users running any of these versions are vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity, with an EPSS score of less than 1% suggesting that active exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely occur via web requests to administrative endpoints exposed by the plugin, potentially without additional prerequisites beyond web access. Attackers could leverage this flaw to bypass normal authorization checks and perform restricted actions remotely.

Generated by OpenCVE AI on April 10, 2026 at 19:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the RealMag777 FOX plugin to version 1.4.6 or later.
  • Verify the update by testing access control functionality on a staging environment before deploying to production.



Advisories

No advisories yet.

History

Fri, 10 Apr 2026 18:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
  ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Apr 2026 08:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Realmag777; Realmag777 fox; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Realmag777; Realmag777 fox; Wordpress; Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FOX: from n/a through <= 1.4.5.

Type: Title
Values Removed: (none)
Values Added: WordPress FOX plugin <= 1.4.5 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:52:01.916Z

Reserved: 2026-04-07T10:47:43.844Z

Link: CVE-2026-39501

Vulnrichment

Updated: 2026-04-10T18:00:33.769Z

NVD

Status: Deferred

Published: 2026-04-08T09:16:24.373

Modified: 2026-04-24T18:08:35.440

Link: CVE-2026-39501

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:25:32Z

Weaknesses