WPCS – WordPress Currency Switcher Professional Security & Risk Analysis

wordpress.org/plugins/currency-switcher

WordPress Currency Switcher Professional - a WordPress plugin that allows switching price currencies on your site with real-time rate conversion!

1K active installs · v1.3.1 · PHP 7.2+ · WP 3.6.0+ · Updated Feb 12, 2026
Tags: converter, currency, currency-switcher, price, switcher
Score 94 · A · Safe
CVEs total: 9
Unpatched: 0
Last CVE: Mar 10, 2025
Safety Verdict

Is WPCS – WordPress Currency Switcher Professional Safe to Use in 2026?

Generally Safe

Score 94/100

WPCS – WordPress Currency Switcher Professional has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

9 known CVEs · Last CVE: Mar 10, 2025 · Updated 3mo ago
Risk Assessment

The 'currency-switcher' plugin v1.3.1 presents a mixed security posture. On the positive side, the code demonstrates strong practices in preventing SQL injection, with 100% of queries using prepared statements, and a high percentage (95%) of output being properly escaped. Furthermore, there are no identified critical or high severity taint flows, and no dangerous functions are present in the codebase.

However, significant concerns arise from the plugin's attack surface. A substantial number of AJAX handlers (15 out of 21) lack authentication checks, creating potential entry points for unauthorized actions. While no current CVEs are unpatched, the plugin has a history of nine known vulnerabilities, with a notable concentration in areas like code injection, CSRF, XSS, and missing authorization. This historical pattern suggests recurring weaknesses that require careful monitoring and diligent patching. The presence of unsanitized paths in taint analysis, though not critical, also warrants attention.

In conclusion, while the plugin has made strides in secure coding practices for SQL and output handling, the large number of unprotected AJAX endpoints and its past vulnerability history are significant weaknesses. Users should exercise caution and ensure they are running the latest version with all patches applied. The recurring types of vulnerabilities in its history indicate a need for ongoing security scrutiny.

Key Concerns

  • Unprotected AJAX handlers
  • History of 9 known CVEs
  • History of 2 high severity CVEs
  • History of 7 medium severity CVEs
  • Taint flow with unsanitized paths
  • Missing authorization vulnerabilities in history
  • Cross-Site Request Forgery vulnerabilities in history
  • Cross-site Scripting vulnerabilities in history
  • Code Injection vulnerabilities in history
Vulnerabilities
9 published

WPCS – WordPress Currency Switcher Professional Security Vulnerabilities

CVEs by Year

  • 1 CVE in 2021
  • 5 CVEs in 2023
  • 2 CVEs in 2024
  • 1 CVE in 2025

Severity Breakdown

  • High: 2
  • Medium: 7

9 total CVEs

CVE-2025-2169 · high · 7.3 · Improper Control of Generation of Code ('Code Injection')

WPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution

Mar 10, 2025 Patched in 1.2.0.5 (1d)
CVE-2024-38700 · medium · 6.5 · Improper Control of Generation of Code ('Code Injection')

WPCS <= 1.2.0.3 - Unauthenticated Arbitrary Shortcode Execution

Jul 10, 2024 Patched in 1.2.0.4 (21d)
CVE-2024-30456 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WPCS <= 1.2.0.1 - Cross-Site Request Forgery

Mar 28, 2024 Patched in 1.2.0.2 (7d)
CVE-2023-51506 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPCS – WordPress Currency Switcher Professional <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 27, 2023 Patched in 1.2.0.1 (27d)
CVE-2023-2556 · medium · 4.3 · Missing Authorization

WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion

May 12, 2023 Patched in 1.2.0 (256d)
CVE-2023-2558 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

May 12, 2023 Patched in 1.2.0 (256d)
CVE-2023-2557 · medium · 4.3 · Missing Authorization

WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing

May 12, 2023 Patched in 1.2.0 (256d)
CVE-2023-2555 · medium · 4.3 · Missing Authorization

WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation

May 12, 2023 Patched in 1.2.0 (256d)
CVE-2021-20780 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Currency Switcher <= 1.1.6 - Cross-site request forgery

Jul 6, 2021 Patched in 1.1.7 (931d)
Version History

WPCS – WordPress Currency Switcher Professional Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

WPCS – WordPress Currency Switcher Professional Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 35 (614 escaped)
  • Nonce Checks: 7
  • Capability Checks: 8
  • File Operations: 12
  • External Requests: 2
  • Bundled Libraries: 1

Bundled Libraries

jQuery

Output Escaping

95% escaped · 649 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
wp_head (index.php:685)
Attack Surface
15 unprotected

WPCS – WordPress Currency Switcher Professional Attack Surface

Entry Points: 28
Unprotected: 15

AJAX Handlers 21

auth wp_ajax_wpcs_download_geoip_db classes\GeoIp\GeoIp2IpCountryResolver.php:28
auth wp_ajax_wpcs_manage_alert classes\rate_alert.php:12
auth wp_ajax_wpcs_manage_alert classes\rate_alert_old.php:12
auth wp_ajax_wpcs_sd_create classes\smart-designer.php:11
auth wp_ajax_wpcs_sd_delete classes\smart-designer.php:12
auth wp_ajax_wpcs_sd_save classes\smart-designer.php:27
auth wp_ajax_wpcs_sd_get classes\smart-designer.php:28
auth wp_ajax_wpcs_set_cookie classes\Storage\CookieStorage.php:12
nopriv wp_ajax_wpcs_set_cookie classes\Storage\CookieStorage.php:13
auth wp_ajax_wpcs_save_etalon index.php:156
auth wp_ajax_wpcs_get_rate index.php:157
auth wp_ajax_wpcs_add_currencies index.php:159
auth wp_ajax_wpcs_convert_currency index.php:161
nopriv wp_ajax_wpcs_convert_currency index.php:162
auth wp_ajax_wpcs_rates_current_currency index.php:164
nopriv wp_ajax_wpcs_rates_current_currency index.php:165
auth wp_ajax_wpcs_get_prices_html index.php:167
nopriv wp_ajax_wpcs_get_prices_html index.php:168
auth wp_ajax_wpcs_recalculate_order_data index.php:170
auth wp_ajax_wpcs_set_currency_ajax index.php:172
nopriv wp_ajax_wpcs_set_currency_ajax index.php:173

Shortcodes 7

[wpcs] index.php:187
[wpcs_code_rate] index.php:188
[wpcs_converter] index.php:189
[wpcs_rates] index.php:190
[wpcs_current_currency] index.php:191
[wpcs_price] index.php:192
[wpcs_check_country] index.php:193

WordPress Hooks 17

action wp_footer classes\auto_switcher.php:29
action wp_head classes\auto_switcher.php:30
action admin_enqueue_scripts classes\smart-designer.php:37
action wp_footer classes\Storage\CookieStorage.php:48
action widgets_init index.php:177
action wp_head index.php:178
action wp_footer index.php:179
action body_class index.php:180
action admin_enqueue_scripts index.php:182
action wpcs_exchange_value index.php:184
filter cron_schedules index.php:196
action wpcs_currencies_rate_auto_update index.php:199
action admin_head index.php:205
action admin_menu index.php:230
action admin_bar_menu index.php:253
action admin_notices index.php:1432
action init index.php:1521

Scheduled Events 1

wpcs_currencies_rate_auto_update
Maintenance & Trust

WPCS – WordPress Currency Switcher Professional Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 12, 2026
PHP min version: 7.2
Downloads: 47K

Community Trust

Rating: 82/100
Number of ratings: 13
Active installs: 1K
Developer Profile

WPCS – WordPress Currency Switcher Professional Developer Profile

RealMag777

12 plugins · 188K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 196 days
Detection Fingerprints

How We Detect WPCS – WordPress Currency Switcher Professional

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/currency-switcher/assets/css/style.css
/wp-content/plugins/currency-switcher/assets/css/design.css
/wp-content/plugins/currency-switcher/assets/js/waypoints.js
/wp-content/plugins/currency-switcher/assets/js/wpcs-scripts.js
/wp-content/plugins/currency-switcher/assets/js/wpcs-currency-converter.js
/wp-content/plugins/currency-switcher/assets/js/wpcs-smart-designer.js
Script Paths
/wp-content/plugins/currency-switcher/assets/js/waypoints.js
/wp-content/plugins/currency-switcher/assets/js/wpcs-scripts.js
/wp-content/plugins/currency-switcher/assets/js/wpcs-currency-converter.js
/wp-content/plugins/currency-switcher/assets/js/wpcs-smart-designer.js
Version Parameters
currency-switcher/assets/css/style.css?ver=
currency-switcher/assets/css/design.css?ver=
currency-switcher/assets/js/waypoints.js?ver=
currency-switcher/assets/js/wpcs-scripts.js?ver=
currency-switcher/assets/js/wpcs-currency-converter.js?ver=
currency-switcher/assets/js/wpcs-smart-designer.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpcs_currency_switcher
wpcs_currency_switcher_ico
wpcs_current_currency
wpcs-currency-switcher-container
wpcs-currency-switcher-wrap
wpcs_currency_converter
wpcs_converter_block
wpcs_smart_designer
+1 more
HTML Comments
<!-- START WPCS
<!-- END WPCS
Data Attributes
data-currency-switcher-id
JS Globals
wpcs_settings
wpcs_converter_params
wpcs_params
wpcs_smart_designer_params
Shortcode Output
[currency_switcher]
[currency_converter]