WordPress Vitepos plugin < 3.4.2 - Outlet Manager+ Privilege Escalation vulnerability

Outlet Manager+ Privilege Escalation vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Vitepos versions 3.4.2...

CVE-2026-8157

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

CVE-2026-8157

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

CVE-2026-8157 Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

EUVD-2026-38215

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

CVE-2026-8157

The CVE-2026-8157 entry concerns the Vitepos WordPress plugin, specifically versions before 3.4.2. The vulnerability arises from improper access control in a REST API endpoint used to create new users: authenticated users with a custom Vitepos role can bypass restrictions and elevate their privil...

WordPress Vitepos plugin <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution vulnerability

Authenticated Subscriber+ Arbitrary File Upload to Remote Code Execution vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Vitepos versions = 3.3.0...

WordPress plugin Vitepos 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-22277 WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse.This issue affects Vitepos: from n/a through = 3.1.4...

CVE-2025-22277

CVE-2025-22277 affects the Vitepos POS plugin for WooCommerce (appsbd). The connected data confirms a Missing Authorization flaw that enables authentication bypass/abuse via an alternate path or channel, affecting Vitepos versions up to 3.1.4. The record notes a patch has been applied (Patch Stat...

WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin Vitepos versions = 3.1.4...

CVE-2025-26750 WordPress Vitepos Plugin <= 3.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in appsbd Vitepos vitepos-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vitepos: from n/a through = 3.1.3...

WordPress plugin Vitepos 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Vitepos Plugin <= 3.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin Vitepos versions = 3.1.3...

CVE-2024-33574 WordPress Vitepos plugin <= 3.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1...

WordPress Vitepos plugin <= 3.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Vitepos versions = 3.0.1...

WordPress Vitepos Plugin <= 3.0.1 is vulnerable to Broken Access Control

Software Vitepos Type Plugin Vulnerable versions = 3.0.1 Fixed in 3.0.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33574 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 328a27247429 Credits Abdi Pranata Required privilege...