55 matches found
EUVD-2026-39369
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions...
CVE-2026-54841
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions...
CVE-2026-54841 WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions...
CVE-2026-54841
CVE-2026-54841 affects WordPress Vitepos plugin versions
WordPress Vitepos plugin < 3.4.2 - Outlet Manager+ Privilege Escalation vulnerability
Outlet Manager+ Privilege Escalation vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Vitepos versions < 3.4.2...
CVE-2026-8157
The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...
CVE-2026-8157
The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...
CVE-2026-8157 Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation
The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...
EUVD-2026-38215
The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...
CVE-2026-8157
The CVE-2026-8157 entry concerns the Vitepos WordPress plugin, specifically versions before 3.4.2. The vulnerability arises from improper access control in a REST API endpoint used to create new users: authenticated users with a custom Vitepos role can bypass restrictions and elevate their privil...
WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by qdtad in WordPress Plugin Vitepos versions <= 3.4.2...
WordPress Vitepos plugin <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution vulnerability
Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Vitepos versions <= 3.3.0...
CVE-2025-13156
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img function accepting...
CVE-2025-13156
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img function accepting...
CVE-2025-13156 Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img function accepting...
EUVD-2025-198394
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img function accepting...
CVE-2025-13156
CVE-2025-13156 (Vitepos – POS for WooCommerce) In WordPress, versions up to 3.3.0 permit authenticated (Subscriber+) arbitrary file uploads via the insert_media_attachment/save_update_category_img path due to missing file-type validation when processing category images. This can lead to remote co...
WordPress plugin Vitepos code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
PT-2025-47711
Name of the Vulnerable Software and Affected Versions: Vitepos – Point of Sale (POS) for WooCommerce versions up to and including 3.3.0. Description: The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation with...
EUVD-2025-11742
Malicious code in bioql PyPI...