{"id":22256,"date":"2025-04-12T16:58:23","date_gmt":"2025-04-12T16:58:23","guid":{"rendered":""},"modified":"2025-05-11T06:21:45","modified_gmt":"2025-05-11T06:21:45","slug":"cve-2021-24566-local-file-inclusion-vulnerability-in-woocommerce-currency-switcher-fox-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2021-24566-local-file-inclusion-vulnerability-in-woocommerce-currency-switcher-fox-wordpress-plugin\/","title":{"rendered":"CVE-2021-24566: Local File Inclusion Vulnerability in WooCommerce Currency Switcher FOX WordPress Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The cybersecurity landscape is continually evolving with new vulnerabilities being discovered regularly. One such recent discovery is the CVE-2021-24566 vulnerability that affects the WooCommerce Currency Switcher FOX WordPress plugin. If unpatched, this vulnerability can lead to Local File<\/a> Inclusion (LFI) attacks, potentially compromising the system or leaking sensitive data.
\nThis vulnerability is significant because of the popularity of WooCommerce<\/a>, a widely-used eCommerce plugin on WordPress. The Currency Switcher FOX extension for WooCommerce is used by online businesses across the globe to manage multiple<\/a> currencies on their websites. This makes it a high-value target for attackers looking to exploit the vulnerability<\/a> for malicious gain.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2021-24566
\nSeverity: High (CVSS: 8.8)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n