2 matches found
CVE-2025-13156
The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insertmediaattachment function in all versions up to, and including, 3.3.0. This is due to the saveupdatecategoryimg function accepting...
CVE-2024-7030
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above,...