CVE-2026-1826

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2026-1826

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2026-1826

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2026-1826 OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2026-1826 OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2026-1826

CVE-2026-1826 affects the WordPress plugin OpenPOS Lite – Point of Sale for WooCommerce (versions up to 3.0). The issue is a Stored Cross-Site Scripting via the short code attribute width on the order_qrcode shortcode, caused by insufficient input sanitization and output escaping. Exploitation re...

PT-2026-7502

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the order qrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible f...

WordPress plugin OpenPOS Lite – Point of Sale for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress OpenPOS Lite plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin OpenPOS Lite – Point of Sale for WooCommerce versions = 3.0...

EUVD-2024-36893

Malicious code in bioql PyPI...

EUVD-2024-36891

Malicious code in bioql PyPI...

EUVD-2024-36890

Malicious code in bioql PyPI...

CVE-2024-37935

Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...

CVE-2024-37933

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in anhvnit Woocommerce OpenPos.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...

CVE-2024-37932

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...

CVE-2024-37935

Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...

CVE-2024-37935 WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...

CVE-2024-37935 WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...

CVE-2024-37935

The CVE-2024-37935 entry concerns a Missing Authorization vulnerability in the Anhvnit Woocommerce OpenPos WordPress plugin. It allows accessing functionality that is not constrained by ACLs, effectively enabling unauthorized access to certain features. Affected software: Woocommerce OpenPos vers...

WordPress plugin Woocommerce OpenPos 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...