Lucene search
K

60 matches found

NVD
NVD
added 3 days ago3 views

CVE-2026-57385

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through = 3.4.2...

8.5CVSS0.0026EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago27 views

CVE-2026-57385 WordPress Vitepos plugin <= 3.4.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through = 3.4.2...

8.5CVSS0.0026EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-57385

Vulnerable software: WordPress Vitepos plugin (vitepos-lite) up to version 3.4.2. Root cause: improper neutralization of special elements in SQL commands enabling blind SQL injection. Impact: high (CVSS v3.1 base 8.5) with network-based attack, low complexity, low privileges, no user interaction;...

8.5CVSS6.1AI score0.0026EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/07 3:15 p.m.5 views

WordPress Vitepos plugin <= 3.4.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by endy in WordPress Plugin Vitepos versions = 3.4.2...

8.5CVSS6AI score0.0026EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/25 2:16 p.m.8 views

CVE-2026-54841

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.29 views

CVE-2026-54841 WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 p.m.6 views

CVE-2026-54841

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:12 p.m.4 views

EUVD-2026-39369

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.19 views

CVE-2026-54841

CVE-2026-54841 affects WordPress Vitepos plugin versions

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/22 9:54 a.m.10 views

WordPress Vitepos plugin < 3.4.2 - Outlet Manager+ Privilege Escalation vulnerability

Outlet Manager+ Privilege Escalation vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Vitepos versions 3.4.2...

8.8CVSS5.8AI score0.00237EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/22 6:16 a.m.16 views

CVE-2026-8157

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

8.8CVSS0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 6:0 a.m.34 views

CVE-2026-8157 Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

0.00237EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 6:0 a.m.4 views

CVE-2026-8157

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

8.8CVSS5.8AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 6:0 a.m.18 views

CVE-2026-8157

The CVE-2026-8157 entry concerns the Vitepos WordPress plugin, specifically versions before 3.4.2. The vulnerability arises from improper access control in a REST API endpoint used to create new users: authenticated users with a custom Vitepos role can bypass restrictions and elevate their privil...

8.8CVSS5.8AI score0.00237EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 6:0 a.m.12 views

EUVD-2026-38215

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

8.8CVSS5.8AI score0.00237EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/18 1:18 p.m.7 views

WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by qdtad in WordPress Plugin Vitepos versions = 3.4.2...

7.5CVSS5.8AI score0.00294EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/24 7:15 a.m.9 views

WordPress Vitepos plugin <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution vulnerability

Authenticated Subscriber+ Arbitrary File Upload to Remote Code Execution vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Vitepos versions = 3.3.0...

8.8CVSS7.5AI score0.00613EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.5 views

CVE-2025-13156

The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insertmediaattachment function in all versions up to, and including, 3.3.0. This is due to the saveupdatecategoryimg function accepting...

8.8CVSS7.3AI score0.00613EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 9:15 a.m.10 views

CVE-2025-13156

The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insertmediaattachment function in all versions up to, and including, 3.3.0. This is due to the saveupdatecategoryimg function accepting...

8.8CVSS0.00613EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/21 8:28 a.m.2 views

CVE-2025-13156 Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution

The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insertmediaattachment function in all versions up to, and including, 3.3.0. This is due to the saveupdatecategoryimg function accepting...

8.8CVSS6.9AI score0.00613EPSS
Exploits0References2
Rows per page
Query Builder