CVE-2025-2169

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Mar 11, 2025
CWE ID 129

Summary

CVE-2025-2169 is a critical vulnerability affecting the WordPress Currency Switcher Professional plugin, versions up to 1.2.0.4. The issue lies in the plugin's failure to sufficiently validate user-supplied input before executing the do_shortcode function. As a result, unauthenticated attackers can exploit this weakness to inject and execute arbitrary shortcodes, potentially leading to severe security consequences. This vulnerability exposes WordPress websites using the WPCS plugin to potential data breaches, unauthorized access, and other malicious activities. It is highly recommended to update to the latest version of the plugin, or consider disabling it if upgrades are not possible, to mitigate the risk of this vulnerability.
