MEDIUM
realmag777
CVE published 2026-05-28
CVE-2026-9241
A medium-severity authorization bypass vulnerability in the FOX – Currency Switcher Professional for WooCommerce plugin allows authenticated attackers with Subscriber-level access or higher to impersonate privileged roles and obtain unauthorized pricing. The flaw exists in the `get_value()` function within `classes/fixed/fixed_user_role.php`, which trusts the attacker-controlled `$_REQUEST['wooc_order_use [truncated]