CVE-2025-30857 HIGH

CVE-2025-30857: WordPress Currency Switcher for WooCommerce plugin <= 0.0.7 - CSRF to Stored XSS vulnerability

Vendor Pressmaximum

Product Currency Switcher for WooCommerce

Weakness CWE-352 · CSRF

Published March 27, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce currency-switcher-for-woocommerce allows Stored XSS.This issue affects Currency Switcher for WooCommerce: from n/a through <= 0.0.7.

Key dates

02Disclosure timeline

March 27, 2025 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-30857

Related vulnerabilities

04Related CVE

CVE-2024-35636 WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-39417 WordPress Redirect wordpress to welcome or landing page plugin <= 2.0 - CSRF to Stored XSS vulnerability CVE-2023-1921 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_start_cdn_integration_ajax_request_callback' CVE-2025-31807 WordPress Product Notices for WooCommerce plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-41669 WordPress Live News Plugin <= 1.06 is vulnerable to Cross Site Request Forgery (CSRF)

Identifiers

CVE CVE-2025-30857

CWE CWE-352

CVSS 7.1 / HIGH

Affected versions

Vendor Pressmaximum

Product Currency Switcher for WooCommerce

Affected ≤ 0.0.7