4 matches found
CVE-2026-1826
The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-1826 OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-1826 OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
PT-2026-7502
The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the order qrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible f...